/*	$OpenBSD: snmpd.h,v 1.42 2013/03/06 21:42:40 sthen Exp $	*/

/*
 * Copyright (c) 2007, 2008, 2012 Reyk Floeter <reyk@openbsd.org>
 * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * snmpd.h - shared definitions for the snmpd daemon: compile-time limits,
 * the SNMP message / USM user / daemon state structures, the MIB object
 * tree, kernel routing and pf helper types, and the prototypes exported by
 * each source file.  No code lives here; the security-relevant constants
 * (buffer limits, key and digest sizes, default algorithms) are commented
 * so that anyone touching them understands what they bound.
 */

#ifndef _SNMPD_H
#define _SNMPD_H

#include <netinet/in.h>
#include <netinet/if_ether.h>
#include <net/pfvar.h>
#include <net/route.h>

#include "ber.h"
#include <snmp.h>

#include <imsg.h>

/*
 * common definitions for snmpd
 */

#define CONF_FILE		"/etc/snmpd.conf"
#define SNMPD_SOCKET		"/var/run/snmpd.sock"
/* presumably the unprivileged account the engine runs as; verify in snmpd.c */
#define SNMPD_USER		"_snmpd"
#define SNMPD_PORT		161
#define SNMPD_TRAPPORT		162

/*
 * Fixed-size buffer limits.  Note that the community buffers below are
 * sized exactly SNMPD_MAXCOMMUNITYLEN with no +1 for a terminator, unlike
 * sm_username / sm_ctxname; every copy into them must be bounded by the
 * buffer size (strlcpy-style) so the NUL fits.  TODO confirm in snmpe.c
 * and parse.y that all writers honour this.
 */
#define SNMPD_MAXSTRLEN		484
#define SNMPD_MAXCOMMUNITYLEN	SNMPD_MAXSTRLEN
#define SNMPD_MAXVARBIND	0x7fffffff
#define SNMPD_MAXVARBINDLEN	1210
#define SNMPD_MAXENGINEIDLEN	32
#define SNMPD_MAXUSERNAMELEN	32
#define SNMPD_MAXCONTEXNAMELEN	32

/*
 * USM (RFC 3414) sizes.  The 12-byte digest is the 96-bit truncated HMAC
 * used by both HMAC-MD5-96 and HMAC-SHA-96 (see enum usmauth).  SALTLEN is
 * the 8-byte privacy salt carried in msgPrivacyParameters.  KEYLEN and
 * CIPHER_KEYLEN bound the localized key buffers; how much of each is used
 * per algorithm is decided in usm.c - confirm there before changing.
 */
#define SNMP_USM_DIGESTLEN	12
#define SNMP_USM_SALTLEN	8
#define SNMP_USM_KEYLEN		64
#define SNMP_CIPHER_KEYLEN	16

#define SMALL_READ_BUF_SIZE	1024
#define READ_BUF_SIZE		65535
#define RT_BUF_SIZE		16384
#define MAX_RTSOCK_BUF		(128 * 1024)

/* engine ID first-octet flag: 0x80 set marks the RFC 3411 "new" format */
#define SNMP_ENGINEID_OLD	0x00
#define SNMP_ENGINEID_NEW	0x80		/* RFC3411 */

/* RFC 3411 engine ID format octet values (128+ is enterprise-specific) */
#define SNMP_ENGINEID_FMT_IPv4	1
#define SNMP_ENGINEID_FMT_IPv6	2
#define SNMP_ENGINEID_FMT_MAC	3
#define SNMP_ENGINEID_FMT_TEXT	4
#define SNMP_ENGINEID_FMT_OCT	5
#define SNMP_ENGINEID_FMT_EID	128

/* message types exchanged over imsg between the processes / snmpctl */
enum imsg_type {
	IMSG_NONE,
	IMSG_CTL_OK,		/* answer to snmpctl requests */
	IMSG_CTL_FAIL,
	IMSG_CTL_END,
	IMSG_CTL_NOTIFY
};

/*
 * NOTE(review): this is a tentative definition of a global in a header, so
 * every translation unit that includes snmpd.h defines snmpd_process and
 * the link relies on common-symbol merging.  The conventional fix is
 * `extern` here plus one definition in snmpd.c; left unchanged because that
 * definition is outside this file.
 */
enum {
	PROC_PARENT,	/* Parent process and application interface */
	PROC_SNMPE	/* SNMP engine */
} snmpd_process;

/* initially control.h */
/* a listening control socket; cs_restricted marks the read-only variant */
struct control_sock {
	const char	*cs_name;
	struct event	 cs_ev;
	struct event	 cs_evt;
	int		 cs_fd;
	int		 cs_restricted;
};

enum blockmodes {
	BM_NORMAL,
	BM_NONBLOCK
};

/* an imsg channel together with its libevent registration */
struct imsgev {
	struct imsgbuf		 ibuf;
	void			(*handler)(int, short, void *);
	struct event		 ev;
	void			*data;
	short			 events;
};

/* one accepted snmpctl connection */
struct ctl_conn {
	TAILQ_ENTRY(ctl_conn)	 entry;
	u_int8_t		 flags;
#define CTL_CONN_NOTIFY		 0x01
#define CTL_CONN_LOCKED		 0x02 /* restricted mode */
	struct imsgev		 iev;

};
TAILQ_HEAD(ctl_connlist, ctl_conn);
extern  struct ctl_connlist ctl_conns;

/*
 * kroute
 */

/* sockaddr storage large enough for sockaddr_in6 (28 bytes) via pad[32] */
union kaddr {
	struct sockaddr		sa;
	struct sockaddr_in	sin;
	struct sockaddr_in6	sin6;
	char			pad[32];
};

/* IPv4 kernel route as learned from the routing socket */
struct kroute {
	struct in_addr	prefix;
	struct in_addr	nexthop;
	u_long		ticks;
	u_int16_t	flags;
	u_short		if_index;
	u_int8_t	prefixlen;
	u_int8_t	priority;
};

/* IPv6 counterpart of struct kroute */
struct kroute6 {
	struct in6_addr	prefix;
	struct in6_addr	nexthop;
	u_long		ticks;
	u_int16_t	flags;
	u_short		if_index;
	u_int8_t	prefixlen;
	u_int8_t	priority;
};

/* one address configured on an interface; kept in both a list and a tree */
struct kif_addr {
	u_short			 if_index;
	union kaddr		 addr;
	union kaddr		 mask;
	union kaddr		 dstbrd;

	TAILQ_ENTRY(kif_addr)	 entry;
	RB_ENTRY(kif_addr)	 node;
};

/* interface snapshot exported through the interfaces MIB */
struct kif {
	char			 if_name[IF_NAMESIZE];
	char			 if_descr[IFDESCRSIZE];
	u_int8_t		 if_lladdr[ETHER_ADDR_LEN];
	struct if_data		 if_data;
	u_long			 if_ticks;
	int			 if_flags;
	u_short			 if_index;
};

/* kroute flags */
#define F_CONNECTED		0x0001
#define F_STATIC		0x0002
#define F_BLACKHOLE		0x0004
#define F_REJECT		0x0008
#define F_DYNAMIC		0x0010

/*
 * Message Processing Subsystem (mps)
 */

/*
 * One node of the MIB object tree.  o_get/o_set/o_table are the per-object
 * handlers; OID_RD/OID_WR in o_flags gate which operations are allowed on
 * the node, and o_val/o_data hold its value or private state.
 */
struct oid {
	struct ber_oid		 o_id;
#define o_oid			 o_id.bo_id
#define o_oidlen		 o_id.bo_n

	char			*o_name;

	u_int			 o_flags;

	int			(*o_get)(struct oid *, struct ber_oid *,
				    struct ber_element **);
	int			(*o_set)(struct oid *, struct ber_oid *,
				    struct ber_element **);
	struct ber_oid		*(*o_table)(struct oid *, struct ber_oid *,
				    struct ber_oid *);

	long long		 o_val;
	void			*o_data;

	RB_ENTRY(oid)		 o_element;
};

#define OID_ROOT		0x00
#define OID_RD			0x01
#define OID_WR			0x02
#define OID_IFSET		0x04	/* only if user-specified value */
#define OID_DYNAMIC		0x08	/* free allocated data */
#define OID_TABLE		0x10	/* dynamic sub-elements */
#define OID_MIB			0x20	/* root-OID of a supported MIB */
#define OID_KEY			0x40	/* lookup tables */

#define OID_RS			(OID_RD|OID_IFSET)
#define OID_WS			(OID_WR|OID_IFSET)
#define OID_RW			(OID_RD|OID_WR)
#define OID_RWS			(OID_RW|OID_IFSET)

#define OID_TRD			(OID_RD|OID_TABLE)
#define OID_TWR			(OID_WR|OID_TABLE)
#define OID_TRS			(OID_RD|OID_IFSET|OID_TABLE)
#define OID_TWS			(OID_WR|OID_IFSET|OID_TABLE)
#define OID_TRW			(OID_RD|OID_WR|OID_TABLE)
#define OID_TRWS		(OID_RW|OID_IFSET|OID_TABLE)

/* true for an IFSET node whose value has not been user-specified yet */
#define OID_NOTSET(_oid)						\
	(((_oid)->o_flags & OID_IFSET) &&				\
	((_oid)->o_data == NULL) && ((_oid)->o_val == 0))

/* initializer helpers for static struct oid tables (MIBDECL also sets o_name) */
#define OID(...)		{ { __VA_ARGS__ } }
#define MIBDECL(...)		{ { MIB_##__VA_ARGS__ } }, #__VA_ARGS__
#define MIB(...)		{ { MIB_##__VA_ARGS__ } }, NULL
#define MIBEND			{ { 0 } }, NULL

/*
 * pf
 */

enum {	PFRB_TABLES = 1, PFRB_TSTATS, PFRB_ADDRS, PFRB_ASTATS,
	PFRB_IFACES, PFRB_TRANS, PFRB_MAX };

enum {	IN, OUT };
enum {	IPV4, IPV6 };
enum {	PASS, BLOCK };

enum {	PFI_IFTYPE_GROUP, PFI_IFTYPE_INSTANCE };

/* growable array of pf objects; element type is given by pfrb_type */
struct pfr_buffer {
	int	 pfrb_type;	/* type of content, see enum above */
	int	 pfrb_size;	/* number of objects in buffer */
	int	 pfrb_msize;	/* maximum number of objects in buffer */
	void	*pfrb_caddr;	/* malloc'ated memory area */
};

#define PFRB_FOREACH(var, buf)				\
	for ((var) = pfr_buf_next((buf), NULL);		\
	    (var) != NULL;				\
	    (var) = pfr_buf_next((buf), (var)))

/*
 * daemon structures
 */

/* msgFlags accessors for SNMPv3 (RFC 3412): authentication, privacy, report */
#define MSG_HAS_AUTH(m)		(((m)->sm_flags & SNMP_MSGFLAG_AUTH) != 0)
#define MSG_HAS_PRIV(m)		(((m)->sm_flags & SNMP_MSGFLAG_PRIV) != 0)
#define MSG_SECLEVEL(m)		((m)->sm_flags & SNMP_MSGFLAG_SECMASK)
#define MSG_REPORT(m)		(((m)->sm_flags & SNMP_MSGFLAG_REPORT) != 0)

/*
 * Per-request state for one received SNMP message.  sm_data holds the raw
 * datagram (up to READ_BUF_SIZE, ~64K), so this struct is large and should
 * not be placed on a small stack.  The V3/USM fields are only meaningful
 * when sm_version says so; sm_engine_boots/sm_engine_time are the RFC 3414
 * timeliness values the sender claimed, and sm_usmerr records why USM
 * rejected the message (the snmp_usm* counters below are bumped then).
 */
struct snmp_message {
	struct ber_element	*sm_resp;
	u_int8_t		 sm_data[READ_BUF_SIZE];
	size_t			 sm_datalen;

	u_int			 sm_version;

	/* V1, V2c */
	char			 sm_community[SNMPD_MAXCOMMUNITYLEN];
	int			 sm_context;

	/* V3 */
	long long		 sm_msgid;
	long long		 sm_max_msg_size;
	u_int8_t		 sm_flags;
	long long		 sm_secmodel;
	u_int32_t		 sm_engine_boots;
	u_int32_t		 sm_engine_time;
	char			 sm_ctxengineid[SNMPD_MAXENGINEIDLEN];
	size_t			 sm_ctxengineid_len;
	char			 sm_ctxname[SNMPD_MAXCONTEXNAMELEN+1];

	/* USM */
	char			 sm_username[SNMPD_MAXUSERNAMELEN+1];
	struct usmuser		*sm_user;
	size_t			 sm_digest_offs;	/* offset of the HMAC in sm_data */
	char			 sm_salt[SNMP_USM_SALTLEN];
	int			 sm_usmerr;

	long long		 sm_request;

	/* error/errorindex double as non-repeaters/max-repetitions for GetBulk */
	long long		 sm_error;
#define sm_nonrepeaters		 sm_error
	long long		 sm_errorindex;
#define sm_maxrepetitions	 sm_errorindex

	struct ber_element	*sm_pdu;
	struct ber_element	*sm_pduend;

	struct ber_element	*sm_varbind;
	struct ber_element	*sm_varbindresp;
};

/* Defined in SNMPv2-MIB.txt (RFC 3418) */
struct snmp_stats {
	u_int32_t		snmp_inpkts;
	u_int32_t		snmp_outpkts;
	u_int32_t		snmp_inbadversions;
	u_int32_t		snmp_inbadcommunitynames;
	u_int32_t		snmp_inbadcommunityuses;
	u_int32_t		snmp_inasnparseerrs;
	u_int32_t		snmp_intoobigs;
	u_int32_t		snmp_innosuchnames;
	u_int32_t		snmp_inbadvalues;
	u_int32_t		snmp_inreadonlys;
	u_int32_t		snmp_ingenerrs;
	u_int32_t		snmp_intotalreqvars;
	u_int32_t		snmp_intotalsetvars;
	u_int32_t		snmp_ingetrequests;
	u_int32_t		snmp_ingetnexts;
	u_int32_t		snmp_insetrequests;
	u_int32_t		snmp_ingetresponses;
	u_int32_t		snmp_intraps;
	u_int32_t		snmp_outtoobigs;
	u_int32_t		snmp_outnosuchnames;
	u_int32_t		snmp_outbadvalues;
	u_int32_t		snmp_outgenerrs;
	u_int32_t		snmp_outgetrequests;
	u_int32_t		snmp_outgetnexts;
	u_int32_t		snmp_outsetrequests;
	u_int32_t		snmp_outgetresponses;
	u_int32_t		snmp_outtraps;
	int			snmp_enableauthentraps;
	u_int32_t		snmp_silentdrops;
	u_int32_t		snmp_proxydrops;

	/* USM stats (RFC 3414) - one counter per USM rejection reason */
	u_int32_t		snmp_usmbadseclevel;
	u_int32_t		snmp_usmtimewindow;
	u_int32_t		snmp_usmnosuchuser;
	u_int32_t		snmp_usmnosuchengine;
	u_int32_t		snmp_usmwrongdigest;
	u_int32_t		snmp_usmdecrypterr;
};

/* a listen address or trap receiver; sa_community/sa_oid are receiver-only */
struct address {
	struct sockaddr_storage	 ss;
	in_port_t		 port;

	TAILQ_ENTRY(address)	 entry;

	/* For SNMP trap receivers etc. */
	char			*sa_community;
	struct ber_oid		*sa_oid;
};
TAILQ_HEAD(addresslist, address);

enum usmauth {
	AUTH_NONE = 0,
	AUTH_MD5,		/* HMAC-MD5-96, RFC3414 */
	AUTH_SHA1		/* HMAC-SHA-96, RFC3414 */
};

#define AUTH_DEFAULT	AUTH_SHA1	/* Default digest */

enum usmpriv {
	PRIV_NONE = 0,
	PRIV_DES,		/* CBC-DES, RFC3414 */
	PRIV_AES		/* CFB128-AES-128, RFC3826 */
};

/*
 * NOTE(review): single DES (56-bit key) is the RFC 3414 mandatory cipher
 * but is weak by current standards; PRIV_AES is available above and should
 * be preferred where peers support it.  Changing this default would alter
 * the behaviour of every configuration that does not name a cipher
 * explicitly, so it is deliberately left as-is here.
 */
#define PRIV_DEFAULT	PRIV_DES	/* Default cipher */

/*
 * A configured SNMPv3 user.  uu_authkey and uu_privkey hold localized key
 * material and are secrets: they should be zeroized (explicit_bzero) before
 * the user is freed - TODO confirm usm.c does this.  uu_salt is the
 * per-user privacy salt counter.
 */
struct usmuser {
	char			*uu_name;
	int			 uu_seclevel;

	enum usmauth		 uu_auth;
	char			*uu_authkey;
	unsigned		 uu_authkeylen;


	enum usmpriv		 uu_priv;
	char			*uu_privkey;
	unsigned long long	 uu_salt;

	SLIST_ENTRY(usmuser)	 uu_next;
};

/*
 * Global daemon state built by parse_config().  The three community
 * strings are the v1/v2c credentials (read, read-write, trap); sc_rcsock is
 * the restricted control socket (see control_sock.cs_restricted); and
 * sc_min_seclevel is presumably the lowest SNMPv3 security level accepted
 * for incoming requests - verify against snmpe.c/usm.c.
 */
struct snmpd {
	u_int8_t		 sc_flags;
#define SNMPD_F_VERBOSE		 0x01
#define SNMPD_F_NONAMES		 0x02

	const char		*sc_confpath;
	struct address		 sc_address;
	int			 sc_sock;
	struct event		 sc_ev;
	struct timeval		 sc_starttime;
	u_int32_t		 sc_engine_boots;

	struct control_sock	 sc_csock;
	struct control_sock	 sc_rcsock;

	char			 sc_rdcommunity[SNMPD_MAXCOMMUNITYLEN];
	char			 sc_rwcommunity[SNMPD_MAXCOMMUNITYLEN];
	char			 sc_trcommunity[SNMPD_MAXCOMMUNITYLEN];

	char			 sc_engineid[SNMPD_MAXENGINEIDLEN];
	size_t			 sc_engineid_len;

	struct snmp_stats	 sc_stats;

	struct addresslist	 sc_trapreceivers;

	int			 sc_ncpu;
	int64_t			*sc_cpustates;
	int			 sc_rtfilter;

	int			 sc_min_seclevel;
};

/* control.c */
int		 control_init(struct control_sock *);
int		 control_listen(struct control_sock *);
void		 control_accept(int, short, void *);
void		 control_dispatch_imsg(int, short, void *);
void		 control_imsg_forward(struct imsg *);
void		 control_cleanup(struct control_sock *);

void		 session_socket_blockmode(int, enum blockmodes);

/* parse.y */
struct snmpd	*parse_config(const char *, u_int);
int		 cmdline_symset(char *);

/* log.c */
void		 log_init(int);
void		 log_warn(const char *, ...);
void		 log_warnx(const char *, ...);
void		 log_info(const char *, ...);
void		 log_debug(const char *, ...);
__dead void	 fatal(const char *);
__dead void	 fatalx(const char *);
void		 vlog(int, const char *, va_list);
const char	*log_in6addr(const struct in6_addr *);
const char	*print_host(struct sockaddr_storage *, char *, size_t);

void		 imsg_event_add(struct imsgev *);
int		 imsg_compose_event(struct imsgev *, enum imsg_type, u_int32_t,
		    pid_t, int, void *, u_int16_t);

/* kroute.c */
void		 kr_init(void);
void		 kr_shutdown(void);

u_int		 kr_ifnumber(void);
u_long		 kr_iflastchange(void);
int		 kr_updateif(u_int);
u_long		 kr_routenumber(void);

struct kif	*kr_getif(u_short);
struct kif	*kr_getnextif(u_short);
struct kif_addr *kr_getaddr(struct sockaddr *);
struct kif_addr *kr_getnextaddr(struct sockaddr *);

struct kroute	*kroute_first(void);
struct kroute	*kroute_getaddr(in_addr_t, u_int8_t, u_int8_t, int);

/* snmpe.c */
pid_t		 snmpe(struct snmpd *, int [2]);
void		 snmpe_debug_elements(struct ber_element *);

/* trap.c */
void		 trap_init(void);
int		 trap_imsg(struct imsgev *, pid_t);
int		 trap_send(struct ber_oid *, struct ber_element *);

/* mps.c */
struct ber_element *
		 mps_getreq(struct ber_element *, struct ber_oid *, u_int);
struct ber_element *
		 mps_getnextreq(struct ber_element *, struct ber_oid *);
int		 mps_setreq(struct ber_element *, struct ber_oid *);
int		 mps_set(struct ber_oid *, void *, long long);
int		 mps_getstr(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_setstr(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_getint(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_setint(struct oid *, struct ber_oid *,
		    struct ber_element **);
int		 mps_getts(struct oid *, struct ber_oid *,
		    struct ber_element **);
void		 mps_encodeinaddr(struct ber_oid *, struct in_addr *, int);
int		 mps_decodeinaddr(struct ber_oid *, struct in_addr *, int);
struct ber_oid	*mps_table(struct oid *, struct ber_oid *, struct ber_oid *);

/* pf.c */
void			 pf_init(void);
int			 pf_get_stats(struct pf_status *);
int			 pfr_get_astats(struct pfr_table *, struct pfr_astats *,
			    int *, int);
int			 pfr_get_tstats(struct pfr_table *, struct pfr_tstats *,
			    int *, int);
int			 pfr_buf_grow(struct pfr_buffer *, int);
const void		*pfr_buf_next(struct pfr_buffer *, const void *);
int			 pfi_get_ifaces(const char *, struct pfi_kif *, int *);
int			 pfi_get(struct pfr_buffer *, const char *);
int			 pfi_count(void);
int			 pfi_get_if(struct pfi_kif *, int);
int			 pft_get(struct pfr_buffer *, struct pfr_table *);
int			 pft_count(void);
int			 pft_get_table(struct pfr_tstats *, int);
int			 pfta_get(struct pfr_buffer *, struct pfr_table *);
int			 pfta_get_addr(struct pfr_astats *, int);
int			 pfta_get_nextaddr(struct pfr_astats *, int *);
int			 pfta_get_first(struct pfr_astats *);

/* smi.c */
int		 smi_init(void);
u_long		 smi_getticks(void);
void		 smi_mibtree(struct oid *);
struct oid	*smi_find(struct oid *);
struct oid	*smi_next(struct oid *);
struct oid	*smi_foreach(struct oid *, u_int);
void		 smi_oidlen(struct ber_oid *);
void		 smi_scalar_oidlen(struct ber_oid *);
char		*smi_oidstring(struct ber_oid *, char *, size_t);
void		 smi_delete(struct oid *);
void		 smi_insert(struct oid *);
int		 smi_oid_cmp(struct oid *, struct oid *);

/* timer.c */
void		 timer_init(void);

/* snmpd.c */
int		 snmpd_socket_af(struct sockaddr_storage *, in_port_t);
u_long		 snmpd_engine_time(void);
char		*tohexstr(u_int8_t *, int);

/* usm.c */
/*
 * usm_decode validates/decrypts an incoming v3 message against the USM user
 * table and returns NULL with an error string on rejection; usm_encode /
 * usm_encrypt / usm_finalize_digest build the outgoing security parameters.
 * The exact rejection rules live in usm.c.
 */
void		 usm_generate_keys(void);
struct usmuser	*usm_newuser(char *name, const char **);
struct usmuser	*usm_finduser(char *name);
int		 usm_checkuser(struct usmuser *, const char **);
struct ber_element *usm_decode(struct snmp_message *, struct ber_element *,
		    const char **);
struct ber_element *usm_encode(struct snmp_message *, struct ber_element *);
struct ber_element *usm_encrypt(struct snmp_message *, struct ber_element *);
void		 usm_finalize_digest(struct snmp_message *, char *, ssize_t);
void		 usm_make_report(struct snmp_message *);
#endif /* _SNMPD_H */