while (recv($packet)) {
foreach $target (@targets) {
send($target,$packet);
}
}
它基本上是有效的,但现在显而易见的是,它不包括创始人IP是一个问题(显然第一类设备包括信息作为varbind而一些新类没有).
while ($server->recv($packet)) {
my $obj = decompile($packet)
if (!$obj->{varbind}{snmpTrapAddress}) {
$obj->{varbind}{snmpTrapAddress} = inet_ntoa($server->peeraddr());
}
$packet = compile($obj);
foreach $target (@targets) {
send($target,$packet);
}
}
换句话说,如果我的发件人不包括snmpTrapAddress,请添加它.问题是我为Perl看过的每个SNMP软件包似乎都非常关注接收陷阱和执行获取的基础结构.
那么:是否有一个简单的Perl模块允许我说“这是一个代表snmp陷阱的数据blob.将其解码为我可以轻松操作的东西,然后将其重新编译回我可以通过网络抛出的blob”?
如果您给出的答案是“使用SNMP虚拟”,您能举例说明吗?我可能只是失明,但从perldoc SNMP的输出来看,对我来说,如何以这种方式使用它并不明显.
编辑:
看了一下“SNMP编码”实际上是ASN.1 BER(基本编码规则)之后结果.基于此,我正在使用Convert :: BER.我仍然欢迎任何简单的故障分解/编辑/重建技巧.
解决方法
Mon::SNMP也接近我想要的东西,但它也是开箱即用的.它似乎被放弃了,2001年的最后一个版本和开发人员在2002年发布的最后一个CPAN.我当时没有意识到它,但我现在认为它因为转换为:: BER的接口而被破坏了它使用的模块.
Mon :: SNMP让我指向Convert::BER.转换:: BER POD,Mon :: SNMP源和RFC 1157(特别是4.1.6,“Trap-PDU”)的几千次读取后来我出现了用这段代码作为概念证明,做我想做的事.这只是概念的证明(由于我会详细说明代码之后的原因)所以它可能不完美,但我认为它可能为将来在这个领域工作的Perl人提供有用的参考,所以这里是:
#!/usr/bin/perl
use Convert::BER;
use Convert::BER qw(/^(\$|BER_)/);
my $ber = Convert::BER->new();
# OID I want to add to the trap if not already present
my $snmpTrapAddress = '1.3.6.1.6.3.18.1.3';
# this would be from the incoming socket in production
my $source_ip = '10.137.54.253';
# convert the octets into chars to match SNMP standard for IPs
my $source_ip_str = join('',map { chr($_); } split(/\./,$source_ip));
# Read the binary trap data from STDIN or ARGV. normally this would
# come from the UDP receiver
my $d = join('',<>);
# Stuff my trap data into $ber
$ber->buffer($d);
print STDERR "Original packet:\n";
$ber->dump();
# Just decode the first two fields so we can tell what version we're dealing with
$ber->decode(
SEQUENCE => [
INTEGER => \$version,STRING => \$community,BER => \$rest_of_trap,],) || die "Couldn't decode packet: ".$ber->error()."\n";
if ($version == 0) {
#print STDERR "This is a version 1 trap,proceeding\n";
# decode the PDU up to but not including the VARBINDS
$rest_of_trap->decode(
[ SEQUENCE => BER_CONTEXT | BER_CONSTRUCTOR | 0x04 ] =>
[
OBJECT_ID => \$enterprise_oid,[ STRING => BER_APPLICATION | 0x00 ] => \$agentaddr,INTEGER => \$generic,INTEGER => \$specific,[ INTEGER => BER_APPLICATION | 0x03 ] => \$timeticks,SEQUENCE => [ BER => \$varbind_ber,) || die "Couldn't decode packet: ".$extra->error()."\n";;
# Now decode the actual VARBINDS (just the OIDs really,to decode the values
# We'd have to go to the MIBs,which I neither want nor need to do
my($r,$t_oid,$t_val,%varbinds);
while ($r = $varbind_ber->decode(
SEQUENCE => [
OBJECT_ID => \$t_oid,ANY => \$t_val,))
{
if (!$r) {
die "Couldn't decode SEQUENCE: ".$extra->error()."\n";
}
$varbinds{$t_oid} = $t_val;
}
if ($varbinds{$snmpTrapAddress} || $varbinds{"$snmpTrapAddress.0"}) {
# the original trap already had the data,just print it back out
print $d;
} else {
# snmpTrapAddress isn't present,create a new object and rebuild the packet
my $new_trap = new Convert::BER;
$new_trap->encode(
SEQUENCE => [
INTEGER => $version,STRING => $community,[ SEQUENCE => BER_CONTEXT | BER_CONSTRUCTOR | 0x04 ] =>
[
OBJECT_ID => $enterprise_oid,[ STRING => BER_APPLICATION | 0x00 ] => $agentaddr,INTEGER => $generic,INTEGER => $specific,[ INTEGER => BER_APPLICATION | 0x03 ] => $timeticks,SEQUENCE => [
BER => $varbind_ber,# this next oid/val is the only mod we should be making
SEQUENCE => [
OBJECT_ID => "$snmpTrapAddress.0",[ STRING => BER_APPLICATION | 0x00 ] => $source_ip_str,);
print STDERR "New packet:\n";
$new_trap->dump();
print $new_trap->buffer;
}
} else {
print STDERR "I don't kNow how to decode non-v1 packets yet\n";
# send back the original packet
print $d;
}
就是这样了.这是踢球者.我认为他们没有在陷阱中获得原始发件人的IP.在完成这个例子时,我发现,至少在他们给我的例子中,原始IP位于陷阱中的agent-addr字段中.在向他们展示了这个以及他们使用这个工具的API的位置后,他们开始试图在他们的结束时做出改变.我正在考虑上面的代码,因为他们要求我提供一些我真正需要在数据包中丢弃的东西,但是现在上面的内容将仍然是非严格测试的概念代码证明.希望有一天能帮助某人.
