2 * Copyright (c) 2001-2003
3 * Fraunhofer Institute for Open Communication Systems (FhG Fokus).
6 * Author: Harti Brandt <harti@freebsd.org>
8 * Copyright (c) 2010 The FreeBSD Foundation
11 * Portions of this software were developed by Shteryana Sotirova Shopova
12 * under sponsorship from the FreeBSD Foundation.
14 * Redistribution and use in source and binary forms, with or without
15 * modification, are permitted provided that the following conditions
17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer.
19 * 2. Redistributions in binary form must reproduce the above copyright
20 * notice, this list of conditions and the following disclaimer in the
21 * documentation and/or other materials provided with the distribution.
23 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 * $Begemot: bsnmp/snmpd/snmpmod.h,v 1.32 2006/02/14 09:04:20 brandt_h Exp $
37 * SNMP daemon data and functions exported to modules.
42 #include <sys/types.h>
43 #include <sys/queue.h>
44 #include <sys/socket.h>
46 #include <netinet/in.h>
49 #include "snmpagent.h"
51 #define MAX_MOD_ARGS 16
54 * These macros help to handle object lists for SNMP tables. They use
55 * tail queues to hold the objects in ascending order in the list.
56 * ordering can be done either on an integer/unsigned field, an asn_oid
57 * or an ordering function.
61 * First set of macros is used when the link is embedded into sub-struct
62 * and links these sub-structs. The sub-struct must be the first field.
64 * The list is a list of the subfield types.
66 #define INSERT_OBJECT_OID_LINK_INDEX_TYPE(PTR, LIST, LINK, INDEX, SUBF) do {\
67 typedef __typeof ((PTR)->SUBF) _subf_type; \
70 TAILQ_FOREACH(_lelem, (LIST), LINK) \
71 if (asn_compare_oid(&_lelem->INDEX, &(PTR)->SUBF.INDEX) > 0)\
74 TAILQ_INSERT_TAIL((LIST), &(PTR)->SUBF, LINK); \
76 TAILQ_INSERT_BEFORE(_lelem, &(PTR)->SUBF, LINK); \
79 #define NEXT_OBJECT_OID_LINK_INDEX_TYPE(LIST, OID, SUB, LINK, INDEX, TYPE) ({\
80 __typeof (TAILQ_FIRST((LIST))) _lelem; \
82 TAILQ_FOREACH(_lelem, (LIST), LINK) \
83 if (index_compare(OID, SUB, &_lelem->INDEX) < 0) \
88 #define FIND_OBJECT_OID_LINK_INDEX_TYPE(LIST, OID, SUB, LINK, INDEX, TYPE) ({\
89 __typeof (TAILQ_FIRST((LIST))) _lelem; \
91 TAILQ_FOREACH(_lelem, (LIST), LINK) \
92 if (index_compare(OID, SUB, &_lelem->INDEX) == 0) \
98 * This set of macros allows specification of the link and index name.
99 * The index is an OID.
101 #define INSERT_OBJECT_OID_LINK_INDEX(PTR, LIST, LINK, INDEX) do { \
102 __typeof (PTR) _lelem; \
104 TAILQ_FOREACH(_lelem, (LIST), LINK) \
105 if (asn_compare_oid(&_lelem->INDEX, &(PTR)->INDEX) > 0) \
107 if (_lelem == NULL) \
108 TAILQ_INSERT_TAIL((LIST), (PTR), LINK); \
110 TAILQ_INSERT_BEFORE(_lelem, (PTR), LINK); \
113 #define INSERT_OBJECT_INT_LINK_INDEX(PTR, LIST, LINK, INDEX) do { \
114 __typeof (PTR) _lelem; \
116 TAILQ_FOREACH(_lelem, (LIST), LINK) \
117 if ((asn_subid_t)_lelem->INDEX > (asn_subid_t)(PTR)->INDEX)\
119 if (_lelem == NULL) \
120 TAILQ_INSERT_TAIL((LIST), (PTR), LINK); \
122 TAILQ_INSERT_BEFORE(_lelem, (PTR), LINK); \
125 #define INSERT_OBJECT_FUNC_LINK(PTR, LIST, LINK, FUNC) do { \
126 __typeof (PTR) _lelem; \
128 TAILQ_FOREACH(_lelem, (LIST), LINK) \
129 if ((FUNC)(_lelem, (PTR)) > 0) \
131 if (_lelem == NULL) \
132 TAILQ_INSERT_TAIL((LIST), (PTR), LINK); \
134 TAILQ_INSERT_BEFORE(_lelem, (PTR), LINK); \
137 #define INSERT_OBJECT_FUNC_LINK_REV(PTR, LIST, HEAD, LINK, FUNC) do { \
138 __typeof (PTR) _lelem; \
140 TAILQ_FOREACH_REVERSE(_lelem, (LIST), HEAD, LINK) \
141 if ((FUNC)(_lelem, (PTR)) < 0) \
143 if (_lelem == NULL) \
144 TAILQ_INSERT_HEAD((LIST), (PTR), LINK); \
146 TAILQ_INSERT_AFTER((LIST), _lelem, (PTR), LINK); \
149 #define FIND_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \
150 __typeof (TAILQ_FIRST(LIST)) _lelem; \
152 TAILQ_FOREACH(_lelem, (LIST), LINK) \
153 if (index_compare(OID, SUB, &_lelem->INDEX) == 0) \
158 #define NEXT_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \
159 __typeof (TAILQ_FIRST(LIST)) _lelem; \
161 TAILQ_FOREACH(_lelem, (LIST), LINK) \
162 if (index_compare(OID, SUB, &_lelem->INDEX) < 0) \
167 #define FIND_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \
168 __typeof (TAILQ_FIRST(LIST)) _lelem; \
170 if ((OID)->len - SUB != 1) \
173 TAILQ_FOREACH(_lelem, (LIST), LINK) \
174 if ((OID)->subs[SUB] == (asn_subid_t)_lelem->INDEX)\
179 #define NEXT_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, INDEX) ({ \
180 __typeof (TAILQ_FIRST(LIST)) _lelem; \
182 if ((OID)->len - SUB == 0) \
183 _lelem = TAILQ_FIRST(LIST); \
185 TAILQ_FOREACH(_lelem, (LIST), LINK) \
186 if ((OID)->subs[SUB] < (asn_subid_t)_lelem->INDEX)\
191 #define FIND_OBJECT_FUNC_LINK(LIST, OID, SUB, LINK, FUNC) ({ \
192 __typeof (TAILQ_FIRST(LIST)) _lelem; \
194 TAILQ_FOREACH(_lelem, (LIST), LINK) \
195 if ((FUNC)(OID, SUB, _lelem) == 0) \
200 #define NEXT_OBJECT_FUNC_LINK(LIST, OID, SUB, LINK, FUNC) ({ \
201 __typeof (TAILQ_FIRST(LIST)) _lelem; \
203 TAILQ_FOREACH(_lelem, (LIST), LINK) \
204 if ((FUNC)(OID, SUB, _lelem) < 0) \
210 * Macros for the case where the index field is called 'index'
212 #define INSERT_OBJECT_OID_LINK(PTR, LIST, LINK) \
213 INSERT_OBJECT_OID_LINK_INDEX(PTR, LIST, LINK, index)
215 #define INSERT_OBJECT_INT_LINK(PTR, LIST, LINK) do { \
216 INSERT_OBJECT_INT_LINK_INDEX(PTR, LIST, LINK, index)
218 #define FIND_OBJECT_OID_LINK(LIST, OID, SUB, LINK) \
219 FIND_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, index)
221 #define NEXT_OBJECT_OID_LINK(LIST, OID, SUB, LINK) \
222 NEXT_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, LINK, index)
224 #define FIND_OBJECT_INT_LINK(LIST, OID, SUB, LINK) \
225 FIND_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, index)
227 #define NEXT_OBJECT_INT_LINK(LIST, OID, SUB, LINK) \
228 NEXT_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, LINK, index)
231 * Macros for the case where the index field is called 'index' and the
234 #define INSERT_OBJECT_OID(PTR, LIST) \
235 INSERT_OBJECT_OID_LINK_INDEX(PTR, LIST, link, index)
237 #define INSERT_OBJECT_INT(PTR, LIST) \
238 INSERT_OBJECT_INT_LINK_INDEX(PTR, LIST, link, index)
240 #define INSERT_OBJECT_FUNC_REV(PTR, LIST, HEAD, FUNC) \
241 INSERT_OBJECT_FUNC_LINK_REV(PTR, LIST, HEAD, link, FUNC)
243 #define FIND_OBJECT_OID(LIST, OID, SUB) \
244 FIND_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, link, index)
246 #define FIND_OBJECT_INT(LIST, OID, SUB) \
247 FIND_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, link, index)
249 #define FIND_OBJECT_FUNC(LIST, OID, SUB, FUNC) \
250 FIND_OBJECT_FUNC_LINK(LIST, OID, SUB, link, FUNC)
252 #define NEXT_OBJECT_OID(LIST, OID, SUB) \
253 NEXT_OBJECT_OID_LINK_INDEX(LIST, OID, SUB, link, index)
255 #define NEXT_OBJECT_INT(LIST, OID, SUB) \
256 NEXT_OBJECT_INT_LINK_INDEX(LIST, OID, SUB, link, index)
258 #define NEXT_OBJECT_FUNC(LIST, OID, SUB, FUNC) \
259 NEXT_OBJECT_FUNC_LINK(LIST, OID, SUB, link, FUNC)
263 /* The tick when the program was started. This is the absolute time of
264 * the start in 100th of a second. */
265 extern uint64_t start_tick;
267 /* The tick when the current packet was received. This is the absolute
268 * time in 100th of second. */
269 extern uint64_t this_tick;
271 /* Get the current absolute time in 100th of a second. */
272 uint64_t get_ticks(void);
275 * Return code for proxy function
277 enum snmpd_proxy_err {
278 /* proxy code will process the PDU */
280 /* proxy code does not process PDU */
284 /* drop because of bad community */
286 /* drop because of bad community use */
287 SNMPD_PROXY_BADCOMMUSE
293 enum snmpd_input_err {
294 /* proceed with packet */
296 /* fatal error in packet, ignore it */
298 /* value encoding has wrong length in a SET operation */
299 SNMPD_INPUT_VALBADLEN,
300 /* value encoding is out of range */
301 SNMPD_INPUT_VALRANGE,
302 /* value has bad encoding */
303 SNMPD_INPUT_VALBADENC,
304 /* need more data (truncated packet) */
306 /* unknown community */
307 SNMPD_INPUT_BAD_COMM,
311 * Every loadable module must have one of this structures with
312 * the external name 'config'.
315 /* a comment describing what this module implements */
318 /* the initialization function */
319 int (*init)(struct lmodule *, int argc, char *argv[]);
321 /* the finalisation function */
324 /* the idle function */
327 /* the dump function */
330 /* re-configuration function */
331 void (*config)(void);
333 /* start operation */
337 enum snmpd_proxy_err (*proxy)(struct snmp_pdu *, void *,
338 const struct asn_oid *, const struct sockaddr *, socklen_t,
339 enum snmpd_input_err, int32_t, int);
341 /* the tree this module is going to server */
342 const struct snmp_node *tree;
345 /* function called, when another module was unloaded/loaded */
346 void (*loading)(const struct lmodule *, int);
350 * Stuff exported to modules
358 struct asn_oid object_id;
363 uint32_t or_last_change;
365 extern struct systemg systemg;
370 * We have 2 fixed communities for SNMP read and write access. Modules
371 * can create their communities dynamically. They are deleted automatically
372 * if the module is unloaded.
374 #define COMM_INITIALIZE 0
378 u_int comm_define(u_int, const char *descr, struct lmodule *, const char *str);
379 struct community *comm_define_ordered(u_int priv, const char *descr,
380 struct asn_oid *index, struct lmodule *owner, const char *str);
381 const char * comm_string(u_int);
383 /* community for current packet */
384 extern u_int community;
387 * SNMP User-based Security Model data. Modified via the snmp_usm(3) module.
389 struct snmpd_usmstat {
390 uint32_t unsupported_seclevels;
391 uint32_t not_in_time_windows;
392 uint32_t unknown_users;
393 uint32_t unknown_engine_ids;
394 uint32_t wrong_digests;
395 uint32_t decrypt_errors;
398 extern struct snmpd_usmstat snmpd_usmstats;
399 struct snmpd_usmstat *bsnmpd_get_usm_stats(void);
400 void bsnmpd_reset_usm_stats(void);
403 struct snmp_user suser;
404 uint8_t user_engine_id[SNMP_ENGINE_ID_SIZ];
405 uint32_t user_engine_len;
406 char user_public[SNMP_ADM_STR32_SIZ];
407 uint32_t user_public_len;
410 SLIST_ENTRY(usm_user) up;
413 SLIST_HEAD(usm_userlist, usm_user);
414 struct usm_user *usm_first_user(void);
415 struct usm_user *usm_next_user(struct usm_user *);
416 struct usm_user *usm_find_user(uint8_t *, uint32_t, char *);
417 struct usm_user *usm_new_user(uint8_t *, uint32_t, char *);
418 void usm_delete_user(struct usm_user *);
419 void usm_flush_users(void);
421 /* USM user for current packet */
422 extern struct usm_user *usm_user;
425 * SNMP View-based Access Control Model data. Modified via the snmp_vacm(3) module.
430 /* Security user name from USM */
431 char secname[SNMP_ADM_STR32_SIZ];
433 /* Back pointer to user assigned group name */
434 struct vacm_group *group;
437 SLIST_ENTRY(vacm_user) vvu;
438 SLIST_ENTRY(vacm_user) vvg;
441 SLIST_HEAD(vacm_userlist, vacm_user);
444 char groupname[SNMP_ADM_STR32_SIZ];
445 struct vacm_userlist group_users;
446 SLIST_ENTRY(vacm_group) vge;
449 SLIST_HEAD(vacm_grouplist, vacm_group);
452 /* The group name is index, not a column in the table */
453 struct vacm_group *group;
454 char ctx_prefix[SNMP_ADM_STR32_SIZ];
458 struct vacm_view *read_view;
459 struct vacm_view *write_view;
460 struct vacm_view *notify_view;
463 TAILQ_ENTRY(vacm_access) vva;
466 TAILQ_HEAD(vacm_accesslist, vacm_access);
469 char viewname[SNMP_ADM_STR32_SIZ]; /* key */
470 struct asn_oid subtree; /* key */
475 SLIST_ENTRY(vacm_view) vvl;
478 SLIST_HEAD(vacm_viewlist, vacm_view);
480 struct vacm_context {
481 /* The ID of the module that registered this context */
483 char ctxname[SNMP_ADM_STR32_SIZ];
484 SLIST_ENTRY(vacm_context) vcl;
487 SLIST_HEAD(vacm_contextlist, vacm_context);
489 void vacm_groups_init(void);
490 struct vacm_user *vacm_first_user(void);
491 struct vacm_user *vacm_next_user(struct vacm_user *);
492 struct vacm_user *vacm_new_user(int32_t, char *);
493 int vacm_delete_user(struct vacm_user *);
494 int vacm_user_set_group(struct vacm_user *, u_char *, u_int);
495 struct vacm_access *vacm_first_access_rule(void);
496 struct vacm_access *vacm_next_access_rule(struct vacm_access *);
497 struct vacm_access *vacm_new_access_rule(char *, char *, int32_t, int32_t);
498 int vacm_delete_access_rule(struct vacm_access *);
499 struct vacm_view *vacm_first_view(void);
500 struct vacm_view *vacm_next_view(struct vacm_view *);
501 struct vacm_view *vacm_new_view(char *, struct asn_oid *);
502 int vacm_delete_view(struct vacm_view *);
503 struct vacm_context *vacm_first_context(void);
504 struct vacm_context *vacm_next_context(struct vacm_context *);
505 struct vacm_context *vacm_add_context(char *, int32_t);
506 void vacm_flush_contexts(int32_t);
509 * RFC 3413 SNMP Management Target & Notification MIB
512 struct snmpd_target_stats {
513 uint32_t unavail_contexts;
514 uint32_t unknown_contexts;
517 #define SNMP_UDP_ADDR_SIZ 6
518 #define SNMP_TAG_SIZ (255 + 1)
520 struct target_address {
521 char name[SNMP_ADM_STR32_SIZ];
522 uint8_t address[SNMP_UDP_ADDR_SIZ];
525 char taglist[SNMP_TAG_SIZ];
526 char paramname[SNMP_ADM_STR32_SIZ];
530 SLIST_ENTRY(target_address) ta;
533 SLIST_HEAD(target_addresslist, target_address);
535 struct target_param {
536 char name[SNMP_ADM_STR32_SIZ];
539 char secname[SNMP_ADM_STR32_SIZ];
540 enum snmp_usm_level sec_level;
543 SLIST_ENTRY(target_param) tp;
546 SLIST_HEAD(target_paramlist, target_param);
548 struct target_notify {
549 char name[SNMP_ADM_STR32_SIZ];
550 char taglist[SNMP_TAG_SIZ];
554 SLIST_ENTRY(target_notify) tn;
557 SLIST_HEAD(target_notifylist, target_notify);
559 extern struct snmpd_target_stats snmpd_target_stats;
560 struct snmpd_target_stats *bsnmpd_get_target_stats(void);
561 struct target_address *target_first_address(void);
562 struct target_address *target_next_address(struct target_address *);
563 struct target_address *target_new_address(char *);
564 int target_activate_address(struct target_address *);
565 int target_delete_address(struct target_address *);
566 struct target_param *target_first_param(void);
567 struct target_param *target_next_param(struct target_param *);
568 struct target_param *target_new_param(char *);
569 int target_delete_param(struct target_param *);
570 struct target_notify *target_first_notify(void);
571 struct target_notify *target_next_notify(struct target_notify *);
572 struct target_notify *target_new_notify(char *);
573 int target_delete_notify (struct target_notify *);
574 void target_flush_all(void);
579 extern const struct asn_oid oid_zeroDotZero;
581 /* SNMPv3 Engine Discovery */
582 extern const struct asn_oid oid_usmUnknownEngineIDs;
583 extern const struct asn_oid oid_usmNotInTimeWindows;
588 * A module can request a range of request ids and associate them with a
589 * type field. All ranges are deleted if a module is unloaded.
591 u_int reqid_allocate(int size, struct lmodule *);
592 int32_t reqid_next(u_int type);
593 int32_t reqid_base(u_int type);
594 int reqid_istype(int32_t reqid, u_int type);
595 u_int reqid_type(int32_t reqid);
600 void *timer_start(u_int, void (*)(void *), void *, struct lmodule *);
601 void *timer_start_repeat(u_int, u_int, void (*)(void *), void *,
603 void timer_stop(void *);
608 void *fd_select(int, void (*)(int, void *), void *, struct lmodule *);
609 void fd_deselect(void *);
610 void fd_suspend(void *);
611 int fd_resume(void *);
616 u_int or_register(const struct asn_oid *, const char *, struct lmodule *);
617 void or_unregister(u_int);
622 void *buf_alloc(int tx);
623 size_t buf_size(int tx);
625 /* decode PDU and find community */
626 enum snmpd_input_err snmp_input_start(const u_char *, size_t, const char *,
627 struct snmp_pdu *, int32_t *, size_t *);
629 /* process the pdu. returns either _OK or _FAILED */
630 enum snmpd_input_err snmp_input_finish(struct snmp_pdu *, const u_char *,
631 size_t, u_char *, size_t *, const char *, enum snmpd_input_err, int32_t,
634 void snmp_output(struct snmp_pdu *, u_char *, size_t *, const char *);
635 void snmp_send_port(void *, const struct asn_oid *, struct snmp_pdu *,
636 const struct sockaddr *, socklen_t);
637 enum snmp_code snmp_pdu_auth_access(struct snmp_pdu *, int32_t *);
640 void snmp_send_trap(const struct asn_oid *, ...);
645 int string_save(struct snmp_value *, struct snmp_context *, ssize_t, u_char **);
646 void string_commit(struct snmp_context *);
647 void string_rollback(struct snmp_context *, u_char **);
648 int string_get(struct snmp_value *, const u_char *, ssize_t);
649 int string_get_max(struct snmp_value *, const u_char *, ssize_t, size_t);
650 void string_free(struct snmp_context *);
652 int ip_save(struct snmp_value *, struct snmp_context *, u_char *);
653 void ip_rollback(struct snmp_context *, u_char *);
654 void ip_commit(struct snmp_context *);
655 int ip_get(struct snmp_value *, u_char *);
657 int oid_save(struct snmp_value *, struct snmp_context *, struct asn_oid *);
658 void oid_rollback(struct snmp_context *, struct asn_oid *);
659 void oid_commit(struct snmp_context *);
660 int oid_get(struct snmp_value *, const struct asn_oid *);
662 int index_decode(const struct asn_oid *oid, u_int sub, u_int code, ...);
663 int index_compare(const struct asn_oid *, u_int, const struct asn_oid *);
664 int index_compare_off(const struct asn_oid *, u_int, const struct asn_oid *,
666 void index_append(struct asn_oid *, u_int, const struct asn_oid *);
667 void index_append_off(struct asn_oid *, u_int, const struct asn_oid *, u_int);