* [PATCH V5 0/5] netfilter: nf_nat_snmp_basic: use ASN.1 decoder
@ 2018-01-07 15:09 Taehee Yoo
From: Taehee Yoo @ 2018-01-07 15:09 UTC
To: pablo, fw, netfilter-devel; +Cc: ap420073
The goal of this patch set is to use the ASN.1 decoder library
to parse the SNMP ASN.1 payload.
This patch set is the same as the previous patch
"[PATCH V2]netfilter: nf_nat_snmp_basic: use asn1 decoder library".
My test environment is below.
#Network
Client <-------------> Netfilter FW <-------------> SNMP Server
192.168.3.2    192.168.3.1      192.168.4.1         192.168.4.2
#FW commands
iptables -t raw -I PREROUTING -p udp -m multiport --dports 161,162 \
    -j CT --helper snmp
echo 'file nf_nat_snmp_basic_main.c +p' > \
    /sys/kernel/debug/dynamic_debug/control
#SNMP Server commands
sudo ip r a 192.168.3.2 via 192.168.4.1 dev enp2s0
#Client commands
sudo ip r a 192.168.4.2 via 192.168.3.1 dev enp3s0
To run a basic SNMP test, I used the snmpwalk command because it is easy to use.
snmpwalk -v <1 or 2c> -c public <ip address> OID
example)
snmpwalk -v 2c -c public 192.168.4.2 .1.3.6.1.2.1.4.21
so that we can see this message in dmesg.
"snmp_helper: 192.168.3.2 to 192.168.4.1"
And, to test SNMP traps, I used the snmptrap command.
snmptrap -v 1 -c public 192.168.3.2 .1 192.168.4.2 0 0 0 .1 a \
    192.168.4.2
snmptrap -v 2c -c public 192.168.3.2 .1 .1 .1 a 192.168.4.2
An SNMPv1 trap includes two IP addresses in its payload, so we can see the
message below twice.
"snmp_helper: 192.168.4.2 to 192.168.3.1"
If you want to see the ASN.1 decoder debug messages, please use the command below.
echo 'file asn1_decoder.c +p' > /sys/kernel/debug/dynamic_debug/control
V5 :
- fix sparse error
V4 :
- rename nf_nat_snmp_basic.c to nf_nat_snmp_basic_main.c
to fix compile error
V3 :
- be separated by previous patch.
V2 :
- Add missing nf_nat_snmp_basic.asn1 file
V1 :
- Initial patch
Taehee Yoo (5):
netfilter: nf_nat_snmp_basic: remove useless comment
netfilter: nf_nat_snmp_basic: remove debug parameter
netfilter: nf_nat_snmp_basic: replace ctinfo with dir.
netfilter: nf_nat_snmp_basic: use nf_ct_helper_log
netfilter: nf_nat_snmp_basic: use asn1 decoder library
net/ipv4/netfilter/Kconfig | 1 +
net/ipv4/netfilter/Makefile | 6 +
net/ipv4/netfilter/nf_nat_snmp_basic.asn1 | 177 +++
...f_nat_snmp_basic.c => nf_nat_snmp_basic_main.c} | 1181 ++------------------
4 files changed, 249 insertions(+), 1116 deletions(-)
create mode 100644 net/ipv4/netfilter/nf_nat_snmp_basic.asn1
rename net/ipv4/netfilter/{nf_nat_snmp_basic.c => nf_nat_snmp_basic_main.c} (15%)
--
2.9.3
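
The dmesg lines in the cover letter above report an IpAddress value inside the SNMP payload being translated. The following is an added illustration, not code from this patch set or from the kernel: a bounds-checked BER walk that performs the same kind of rewrite on a constructed SNMPv1 trap. The names snmp_rewrite, sample_trap, nat_from and nat_to and the sample OIDs are assumptions, and the UDP checksum fix-up a real NAT helper needs is left out.

```c
#include <stdint.h>
#include <string.h>

#define SNMP_IPADDRESS 0x40     /* [APPLICATION 0] IpAddress, 4 octets */
/* Constructed SNMPv1 trap (community "public"): agent-addr and one varbind
 * both hold 192.168.4.2, like the snmptrap -v 1 test in the cover letter. */
static uint8_t sample_trap[] = {
    0x30, 0x2c, 0x02, 0x01, 0x00, 0x04, 0x06, 'p', 'u', 'b', 'l', 'i', 'c',
    0xa4, 0x1f, 0x06, 0x01, 0x2b, 0x40, 0x04, 192, 168, 4, 2,
    0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x43, 0x01, 0x00,
    0x30, 0x0b, 0x30, 0x09, 0x06, 0x01, 0x2b, 0x40, 0x04, 192, 168, 4, 2 };
static const uint8_t nat_from[4] = { 192, 168, 4, 2 }, nat_to[4] = { 192, 168, 3, 1 };

/* Replace each IpAddress equal to `from` with `to`; returns count, -1 if malformed. */
static int snmp_rewrite(uint8_t *buf, size_t len, const uint8_t *from,
                        const uint8_t *to, int depth)
{
    size_t off = 0, vlen, n;
    int hits = 0, r;
    if (depth > 16)                     /* bound recursion on nested types */
        return -1;
    while (off < len) {
        if (len - off < 2 || (buf[off] & 0x1f) == 0x1f)
            return -1;                  /* truncated header or multi-byte tag */
        uint8_t tag = buf[off++];
        vlen = buf[off++];
        if (vlen & 0x80) {              /* long-form length */
            n = vlen & 0x7f;
            if (n == 0 || n > 2 || len - off < n)
                return -1;              /* indefinite or oversized length */
            for (vlen = 0; n > 0; n--)
                vlen = (vlen << 8) | buf[off++];
        }
        if (vlen > len - off)
            return -1;                  /* value runs past its container */
        if (tag & 0x20) {               /* constructed: descend into contents */
            if ((r = snmp_rewrite(buf + off, vlen, from, to, depth + 1)) < 0)
                return -1;
            hits += r;
        } else if (tag == SNMP_IPADDRESS && vlen == 4 && !memcmp(buf + off, from, 4)) {
            memcpy(buf + off, to, 4);
            hits++;
        }
        off += vlen;
    }
    return hits;
}
int main(void)
{
    return snmp_rewrite(sample_trap, sizeof(sample_trap), nat_from, nat_to, 0) == 2 ? 0 : 1;
}
```

The two rewrites correspond to the two "snmp_helper: 192.168.4.2 to 192.168.3.1" messages reported for the SNMPv1 trap.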
* Re: [PATCH V5 0/5] netfilter: nf_nat_snmp_basic: use ASN.1 decoder
From: Pablo Neira Ayuso @ 2018-01-19 12:57 UTC
To: Taehee Yoo; +Cc: fw, netfilter-devel
On Mon, Jan 08, 2018 at 12:09:17AM +0900, Taehee Yoo wrote:
> The goal of this patch set is to use the ASN.1 decoder library
> to parse the SNMP ASN.1 payload.
Thanks, I'm going to apply to nf-next.
I've been postponing this to schedule time to test this intensively,
but I've been failing to find the time.
Given you've done hard work on this, I'm going to trust you have
tested this intensively, so we get no fallout.
And thanks for your patience.