>
> Now, I need to update all the trap parsers to handle both Hex-STRING and
> STRING formats.
>
> Nasty, nasty bug..
>
> [1] http://www.packetfence.org/bugs/view.php?id=1098
This bug is now history. Attached is a patch that fixes the problem.
Trap parsers for 3Com, Aruba, Cisco, Dlink, Enterasys, HP, Nortel, SMC,
Xirrus needed to be updated.
The patch should be somewhat safe to apply on 2.2.1 and earlier although
I haven't tried. If we ever port this patch for customers I'll add the
ported versions to the bug entry.
Cheers!
--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence
(www.packetfence.org)
#
# Fix for #1098
# Olivier Bilodeau <[email protected]>
# Copyright (C) Inverse inc.
# Licensed under GPLv2.
#
============================================================
--- pf/sbin/pfsetvlan 7f0a40e44525bd3d777ab6ba363a4fa226c05baf
+++ pf/sbin/pfsetvlan 607bf9bc57a298808196e6c079a182769795c7de
@@ -149,7 +149,7 @@ my $TRAP_PATTERN = qr/
(?:\-\>\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\])? # Optional "->[ip
address]" (since net-snmp 5.4)
\|([^|]*)\| # Used to carry
network device ip if it's a local trap
(.+)$ # Trap message
-/x;
+/sx; # s for multiline support (if we encounter an Hex 0a which is encoded as
a newline in STRING)
my $fh = new File::Tail(
'name' => INSTALL_DIR . '/logs/snmptrapd.log',
@@ -280,7 +280,7 @@ while ( defined( $currentTrapLine = $fh-
}
} else {
if ($inMultiLineTrap) {
- $completeTrapLine .= " $currentTrapLine";
+ $completeTrapLine .= "\n$currentTrapLine";
if ( $currentTrapLine =~ m/END VARIABLEBINDINGS$/ ) {
#end multiLine read
============================================================
--- pf/lib/pf/SNMP/Aruba.pm 0130240d0ccc78018bb4bba07fd371b3174267fe
+++ pf/lib/pf/SNMP/Aruba.pm 83051dbb614333dd58e9b6f1ca32afc1bfcc4b88
@@ -37,6 +37,7 @@ use pf::config;
use Net::Telnet;
use pf::config;
+use pf::SNMP::constants;
use pf::util;
=head1 SUBROUTINES
@@ -81,10 +82,9 @@ sub parseTrap {
# wlsxNUserEntryDeAuthenticated: 1.3.6.1.4.1.14823.2.3.1.11.1.2.1017
- if ( $trapString =~
/\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.2\.1017[|].+[|]\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.1\.52\.[0-9]+
= Hex-STRING: ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}
[0-9A-Z]{2})/ ) {
+ if ( $trapString =~
/\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.2\.1017[|].+[|]\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.1\.52\.[0-9]+
= $SNMP::MAC_ADDRESS_FORMAT/) {
$trapHashRef->{'trapType'} = 'dot11Deauthentication';
- $trapHashRef->{'trapMac'} = lc($1);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($1);
} else {
$logger->debug("trap currently not handled");
============================================================
--- pf/lib/pf/SNMP/Cisco.pm 629111f8e99f81b7c824341c4a569f4e18406375
+++ pf/lib/pf/SNMP/Cisco.pm e8cd6331647d4965aa0ffe98b2f8a290d19f4d5c
@@ -23,6 +23,7 @@ use pf::SNMP::constants;
use pf::config;
# importing switch constants
use pf::SNMP::constants;
+use pf::util;
=head1 SUBROUTINES
@@ -264,39 +265,31 @@ sub parseTrap {
# CISCO-PORT-SECURITY-MIB cpsSecureMacAddrViolation
} elsif (
( $trapString
- =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.1[|]\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ = Hex-STRING:
([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
+ =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.1[|]\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ =
$SNMP::MAC_ADDRESS_FORMAT/
) || ( $trapString
- =~ /BEGIN VARIABLEBINDINGS \.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) =
.+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ = Hex-STRING:
([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
- ) )
- {
+ =~ /BEGIN VARIABLEBINDINGS \.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) =
.+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ =
$SNMP::MAC_ADDRESS_FORMAT/) ) {
+
$trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'}
- = $this->getVlan( $trapHashRef->{'trapIfIndex'} );
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
+ $trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
# CISCO-PORT-SECURITY-MIB cpsTrunkSecureMacAddrViolation
} elsif ( $trapString
- =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.2[|]\.1\.3\.6\.1\.2\.1\.31\.1\.1\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ = Hex-STRING:
([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
- )
- {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+ =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.2[|]\.1\.3\.6\.1\.2\.1\.31\.1\.1\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ =
$SNMP::MAC_ADDRESS_FORMAT/ ) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'}
- = $this->getVlan( $trapHashRef->{'trapIfIndex'} );
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
+ $trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
# IEEE802dot11-MIB dot11DeauthenticateReason + dot11DeauthenticateStation
} elsif ( $trapString
- =~ /\.1\.2\.840\.10036\.1\.1\.1\.17\.[0-9]+ = INTEGER:
[0-9]+[|]\.1\.2\.840\.10036\.1\.1\.1\.18\.[0-9]+ = Hex-STRING: ([0-9A-Z]{2}
[0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
- )
- {
- $trapHashRef->{'trapType'} = 'dot11Deauthentication';
- $trapHashRef->{'trapMac'} = lc($1);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ =~ /\.1\.2\.840\.10036\.1\.1\.1\.17\.[0-9]+ = INTEGER:
[0-9]+[|]\.1\.2\.840\.10036\.1\.1\.1\.18\.[0-9]+ = $SNMP::MAC_ADDRESS_FORMAT/ )
{
+ $trapHashRef->{'trapType'} = 'dot11Deauthentication';
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($1);
+
} else {
$logger->debug("trap currently not handled");
$trapHashRef->{'trapType'} = 'unknown';
============================================================
--- pf/lib/pf/SNMP/Dlink.pm 70ed7d0d84211ea21c8e15017406a90432238586
+++ pf/lib/pf/SNMP/Dlink.pm 5734788e6eb49cd14a31371849357c0105142546
@@ -19,6 +19,9 @@ use Log::Log4perl;
use Net::SNMP;
use Log::Log4perl;
+use pf::SNMP::constants;
+use pf::util;
+
sub getVersion {
my ($this) = @_;
my $oid_swDlinkEquipmentCapacitySwVersion
@@ -71,10 +74,12 @@ sub parseTrap {
$trapHashRef->{'trapIfIndex'} = hex( $trapHashRef->{'trapIfIndex'} );
$trapHashRef->{'trapVlan'}
= $this->getVlan( $trapHashRef->{'trapIfIndex'} );
- } elsif ($trapString =~ /[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID:
\.1\.3\.6\.1\.4\.1\.171\.10\.73\.30\.13\.22[|]\.1\.3\.6\.1\.4\.1\.171\.10\.73\.30\.9\.1\.1\.1
= Hex-STRING: ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}
[0-9A-Z]{2})/) {
+
+ } elsif ($trapString =~ /[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID:
\.1\.3\.6\.1\.4\.1\.171\.10\.73\.30\.13\.22[|]\.1\.3\.6\.1\.4\.1\.171\.10\.73\.30\.9\.1\.1\.1
= $SNMP::MAC_ADDRESS_FORMAT/) {
+
$trapHashRef->{'trapType'} = 'dot11Deauthentication';
- $trapHashRef->{'trapMac'} = lc($1);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($1);
+
} else {
$logger->debug("trap currently not handled");
$trapHashRef->{'trapType'} = 'unknown';
============================================================
--- pf/lib/pf/SNMP/Enterasys.pm 5c0dadff97842f6a01caec2fc0e04bec59fb346a
+++ pf/lib/pf/SNMP/Enterasys.pm 9073fa4d56541810fa532734ab82ee0e97f0a91a
@@ -21,6 +21,9 @@ use Net::SNMP;
use Log::Log4perl;
use Net::SNMP;
+use pf::SNMP::constants;
+use pf::util;
+
sub parseTrap {
my ( $this, $trapString ) = @_;
my $trapHashRef;
@@ -45,17 +48,13 @@ sub parseTrap {
)
);
} elsif ( $trapString
- =~ /\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID:
\.1\.3\.6\.1\.4\.1\.5624\.1\.2\.21\.1\.[01]\.1\|\.1\.3\.6\.1\.4\.1\.5624\.1\.2\.21\.1\.2\.1\.1\.4\.(\d+)
= Hex-STRING: ([0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2}
[0-9A-F]{2})/
- )
- {
+ =~ /\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 = OID:
\.1\.3\.6\.1\.4\.1\.5624\.1\.2\.21\.1\.[01]\.1\|\.1\.3\.6\.1\.4\.1\.5624\.1\.2\.21\.1\.2\.1\.1\.4\.(\d+)
= $SNMP::MAC_ADDRESS_FORMAT/) {
+
$trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'}
- = $this->getVlan( $trapHashRef->{'trapIfIndex'} );
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
+ $trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
- #link up/down
} else {
$logger->debug("trap currently not handled");
$trapHashRef->{'trapType'} = 'unknown';
============================================================
--- pf/lib/pf/SNMP/Extricom.pm 9fed3db6b4c14f327d72d22d077cc419d7012452
+++ pf/lib/pf/SNMP/Extricom.pm 07d4f47a8fcbb2b84ff893f83874c2fe7b2e3073
@@ -84,7 +84,6 @@ sub parseTrap {
if ( $trapString =~ /\.1\.3\.6\.1\.4\.1\.23937\.2\.1 = STRING:
"[0-9]+:Client
([0-9A-Z]{2}:[0-9A-Z]{2}:[0-9A-Z]{2}:[0-9A-Z]{2}:[0-9A-Z]{2}:[0-9A-Z]{2})/ ) {
$trapHashRef->{'trapType'} = 'dot11Deauthentication';
$trapHashRef->{'trapMac'} = lc($1);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
} else {
$logger->debug("trap currently not handled");
============================================================
--- pf/lib/pf/SNMP/HP/Controller_MSM710.pm
e839236f9b97f7fea34154bb6ca69856dd199b5a
+++ pf/lib/pf/SNMP/HP/Controller_MSM710.pm
35d7a0582c5a7eb544895c17f527a1b712372f3f
@@ -74,10 +74,10 @@ sub parseTrap {
# COLUBRIS-DEVICE-EVENT-MIB :: coDeviceEventSuccessfulDeAuthentication ::
1.3.6.1.4.1.8744.5.26.2.0.9
# COLUBRIS-DEVICE-EVENT-MIB :: coDevEvDetMacAddress ::
1.3.6.1.4.1.8744.5.26.1.2.2.1.2
- if ( $trapString =~
/\.1\.3\.6\.1\.4\.1\.8744\.5\.26\.2\.0\.9[|]\.1\.3\.6\.1\.4\.1\.8744\.5\.26\.1\.2\.2\.1\.2.+Hex-STRING:
([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/) {
+ if ( $trapString =~
/\.1\.3\.6\.1\.4\.1\.8744\.5\.26\.2\.0\.9[|]\.1\.3\.6\.1\.4\.1\.8744\.5\.26\.1\.2\.2\.1\.2.+$SNMP::MAC_ADDRESS_FORMAT/
) {
+
$trapHashRef->{'trapType'} = 'dot11Deauthentication';
- $trapHashRef->{'trapMac'} = lc($1);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($1);
} else {
$logger->debug("trap currently not handled");
============================================================
--- pf/lib/pf/SNMP/HP.pm 730250edd39959b6deec8b8e93f13941d56d5099
+++ pf/lib/pf/SNMP/HP.pm 07076c65816ab6e2edd7d574a098dac099ddca77
@@ -33,6 +33,9 @@ use Net::SNMP;
use Log::Log4perl;
use Net::SNMP;
+use pf::SNMP::constants;
+use pf::util;
+
sub getVersion {
my ($this) = @_;
my $oid_hpSwitchOsVersion = '1.3.6.1.4.1.11.2.14.11.5.1.1.3.0';
@@ -59,27 +62,21 @@ sub parseTrap {
#-- secureMacAddrViolation SNMP v1 & v2c
if ( $trapString
- =~ /BEGIN VARIABLEBINDINGS
\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.2\.1\.\d+ = INTEGER:
1\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.3\.1\.(\d+) = INTEGER:
\d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.4\.1\.\d+ = Hex-STRING:
([0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2})/
- )
- {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+ =~ /BEGIN VARIABLEBINDINGS
\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.2\.1\.\d+ = INTEGER:
1\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.3\.1\.(\d+) = INTEGER:
\d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.4\.1\.\d+ =
$SNMP::MAC_ADDRESS_FORMAT/ ) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'}
- = $this->getVlan( $trapHashRef->{'trapIfIndex'} );
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
+ $trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
#-- secureMacAddrViolation SNMP v3
} elsif ( $trapString
- =~ /BEGIN VARIABLEBINDINGS.*OID:
\.1\.3\.6\.1\.4\.1\.11\.2\.14\.12\.4\.0\.\d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.2\.1\.\d+
= INTEGER: 1\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.3\.1\.(\d+) =
INTEGER: \d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.4\.1\.\d+ =
Hex-STRING: ([0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2}
[0-9A-F]{2})/
- )
- {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+ =~ /BEGIN VARIABLEBINDINGS.*OID:
\.1\.3\.6\.1\.4\.1\.11\.2\.14\.12\.4\.0\.\d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.2\.1\.\d+
= INTEGER: 1\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.3\.1\.(\d+) =
INTEGER: \d+\|\.1\.3\.6\.1\.4\.1\.11\.2\.14\.2\.10\.2\.1\.4\.1\.\d+ =
$SNMP::MAC_ADDRESS_FORMAT/ ) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'}
- = $this->getVlan( $trapHashRef->{'trapIfIndex'} );
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
+ $trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
#link up/down
} elsif ( $trapString
============================================================
--- pf/lib/pf/SNMP/MockedSwitch.pm 6757bf26b806f7e6488f1091a0b18b3d035edbfc
+++ pf/lib/pf/SNMP/MockedSwitch.pm 79704de11f866fa4d85fb1c2f9c884fd51a11546
@@ -48,6 +48,7 @@ use pf::SNMP::constants;
use pf::config;
# importing switch constants
use pf::SNMP::constants;
+use pf::util;
# these are in microseconds (not milliseconds!) because of Time::HiRes's usleep
# TODO benchmark more sensible values
@@ -1029,39 +1030,31 @@ sub parseTrap {
# CISCO-PORT-SECURITY-MIB cpsSecureMacAddrViolation
} elsif (
( $trapString
- =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.1[|]\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ = Hex-STRING:
([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
+ =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.1[|]\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ =
$SNMP::MAC_ADDRESS_FORMAT/
) || ( $trapString
- =~ /BEGIN VARIABLEBINDINGS \.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) =
.+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ = Hex-STRING:
([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
- ) )
- {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+ =~ /BEGIN VARIABLEBINDINGS \.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) =
.+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ =
$SNMP::MAC_ADDRESS_FORMAT/) ) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'}
- = $this->getVlan( $trapHashRef->{'trapIfIndex'} );
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
+ $trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
# CISCO-PORT-SECURITY-MIB cpsTrunkSecureMacAddrViolation
} elsif ( $trapString
- =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.2[|]\.1\.3\.6\.1\.2\.1\.31\.1\.1\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ = Hex-STRING:
([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
- )
- {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+ =~ /BEGIN VARIABLEBINDINGS .+[|]\.1\.3\.6\.1\.6\.3\.1\.1\.4\.1\.0 =
OID:
\.1\.3\.6\.1\.4\.1\.9\.9\.315\.0\.0\.2[|]\.1\.3\.6\.1\.2\.1\.31\.1\.1\.1\.1\.([0-9]+)
= .+[|]\.1\.3\.6\.1\.4\.1\.9\.9\.315\.1\.2\.1\.1\.10\.[0-9]+ =
$SNMP::MAC_ADDRESS_FORMAT/ ) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'}
- = $this->getVlan( $trapHashRef->{'trapIfIndex'} );
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
+ $trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
# IEEE802dot11-MIB dot11DeauthenticateReason + dot11DeauthenticateStation
} elsif ( $trapString
- =~ /\.1\.2\.840\.10036\.1\.1\.1\.17\.[0-9]+ = INTEGER:
[0-9]+[|]\.1\.2\.840\.10036\.1\.1\.1\.18\.[0-9]+ = Hex-STRING: ([0-9A-Z]{2}
[0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2})/
- )
- {
- $trapHashRef->{'trapType'} = 'dot11Deauthentication';
+ =~ /\.1\.2\.840\.10036\.1\.1\.1\.17\.[0-9]+ = INTEGER:
[0-9]+[|]\.1\.2\.840\.10036\.1\.1\.1\.18\.[0-9]+ = $SNMP::MAC_ADDRESS_FORMAT/ )
{
+
+ $trapHashRef->{'trapType'} = 'dot11Deauthentication';
$trapHashRef->{'trapIfIndex'} = "WIFI";
- $trapHashRef->{'trapMac'} = lc($1);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($1);
} else {
$logger->debug("trap currently not handled");
============================================================
--- pf/lib/pf/SNMP/Nortel.pm 37775d7edc2e3c2e0f93320ba6bbda56907a25cb
+++ pf/lib/pf/SNMP/Nortel.pm 6f9136f31bb2a0bdb1e73571e5a794c252442550
@@ -91,13 +91,11 @@ sub parseTrap {
$trapHashRef->{'trapType'} = ( ( $1 == 2 ) ? "down" : "up" );
$trapHashRef->{'trapIfIndex'} = $2;
} elsif ( $trapString
- =~ /\|\.1\.3\.6\.1\.4\.1\.45\.1\.6\.5\.3\.12\.1\.3\.(\d+)\.(\d+) =
Hex-STRING: ([0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2} [0-9A-F]{2}
[0-9A-F]{2})/
- )
- {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+ =~ /\|\.1\.3\.6\.1\.4\.1\.45\.1\.6\.5\.3\.12\.1\.3\.(\d+)\.(\d+) =
$SNMP::MAC_ADDRESS_FORMAT/) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = ( $1 - $this->getFirstBoardIndex() ) *
$this->getBoardIndexWidth() + $2;
- $trapHashRef->{'trapMac'} = lc($3);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($3);
$trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
if ($trapHashRef->{'trapIfIndex'} <= 0) {
@@ -111,6 +109,7 @@ sub parseTrap {
"ifIndex for " . $trapHashRef->{'trapMac'} . " on switch " .
$this->{_ip}
. " is " . $trapHashRef->{'trapIfIndex'}
);
+
} else {
$logger->debug("trap currently not handled");
$trapHashRef->{'trapType'} = 'unknown';
============================================================
--- pf/lib/pf/SNMP/SMC.pm 3351539976569a8172e66275d5a665bff599f410
+++ pf/lib/pf/SNMP/SMC.pm d0120aece048007910dd7187d39f3f1f0199eb64
@@ -51,11 +51,11 @@ sub parseTrap {
$trapHashRef->{'trapType'} = ( ( $1 == 2 ) ? "down" : "up" );
$trapHashRef->{'trapIfIndex'} = $2;
- } elsif ( $trapString =~ m/BEGIN VARIABLEBINDINGS .+ OID:
\.1\.3\.6\.1\.4\.1\.202\.20\.[0-9]+\.2\.1\.0\.36\|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.[0-9]+
= INTEGER: ([0-9]+)\|\.1\.3\.6\.1\.4\.1\.202\.20\.[0-9]+\.1\.14\.2\.29\.0 =
Hex-STRING: ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}
[0-9A-Z]{2})/) {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+ } elsif ( $trapString =~ m/BEGIN VARIABLEBINDINGS .+ OID:
\.1\.3\.6\.1\.4\.1\.202\.20\.[0-9]+\.2\.1\.0\.36\|\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.[0-9]+
= INTEGER: ([0-9]+)\|\.1\.3\.6\.1\.4\.1\.202\.20\.[0-9]+\.1\.14\.2\.29\.0 =
$SNMP::MAC_ADDRESS_FORMAT/ ) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($2);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($2);
$trapHashRef->{'trapVlan'} = $this->getVlan(
$trapHashRef->{'trapIfIndex'} );
} else {
============================================================
--- pf/lib/pf/SNMP/ThreeCom.pm 16c597a9fa33282e9043fb1b9994543ed9740c96
+++ pf/lib/pf/SNMP/ThreeCom.pm 54104d99fd8c4bf1581e0ab0e91b0401e47bfd73
@@ -20,6 +20,9 @@ use Net::SNMP;
use Log::Log4perl;
use Net::SNMP;
+use pf::SNMP::constants;
+use pf::util;
+
sub parseTrap {
my ( $this, $trapString ) = @_;
my $trapHashRef;
@@ -36,12 +39,14 @@ sub parseTrap {
{
$trapHashRef->{'trapType'} = ( ( $1 == 2 ) ? "down" : "up" );
$trapHashRef->{'trapIfIndex'} = $2;
- } elsif ( $trapString =~ /BEGIN VARIABLEBINDINGS
\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) = INTEGER:
[0-9]+\|\.1\.3\.6\.1\.4\.1\.43\.45\.1\.10\.2\.26\.1\.2\.2\.1\.1\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.(\d+)
= Hex-STRING: ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}
[0-9A-Z]{2})/) {
- $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
+
+ } elsif ( $trapString =~ /BEGIN VARIABLEBINDINGS
\.1\.3\.6\.1\.2\.1\.2\.2\.1\.1\.([0-9]+) = INTEGER:
[0-9]+\|\.1\.3\.6\.1\.4\.1\.43\.45\.1\.10\.2\.26\.1\.2\.2\.1\.1\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.(\d+)
= $SNMP::MAC_ADDRESS_FORMAT/ ) {
+
+ $trapHashRef->{'trapType'} = 'secureMacAddrViolation';
$trapHashRef->{'trapIfIndex'} = $1;
- $trapHashRef->{'trapMac'} = lc($3);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
- $trapHashRef->{'trapVlan'} = $2;
+ $trapHashRef->{'trapVlan'} = $2;
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($3);
+
} else {
$logger->debug("trap currently not handled");
$trapHashRef->{'trapType'} = 'unknown';
============================================================
--- pf/lib/pf/SNMP/Xirrus.pm da17166697b8620dd3f3aa733bf6545b2ad8c1c0
+++ pf/lib/pf/SNMP/Xirrus.pm 1c450ccf6a06d2b45f4fd977e73aa1c1c9d2a57a
@@ -30,6 +30,7 @@ use pf::config;
use base ('pf::SNMP');
use pf::config;
+use pf::SNMP::constants;
use pf::util;
=head1 SUBROUTINES
@@ -80,11 +81,9 @@ sub parseTrap {
# wlsxNUserEntryDeAuthenticated: 1.3.6.1.4.1.14823.2.3.1.11.1.2.1017
- if ( $trapString =~
/\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.2\.1017[|].+[|]\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.1\.52\.[0-9]+
= Hex-STRING: ([0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2} [0-9A-Z]{2}
[0-9A-Z]{2})/ ) {
- $trapHashRef->{'trapType'} = 'dot11Deauthentication';
- $trapHashRef->{'trapIfIndex'} = "WIFI";
- $trapHashRef->{'trapMac'} = lc($1);
- $trapHashRef->{'trapMac'} =~ s/ /:/g;
+ if ( $trapString =~
/\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.2\.1017[|].+[|]\.1\.3\.6\.1\.4\.1\.14823\.2\.3\.1\.11\.1\.1\.52\.[0-9]+
= $SNMP::MAC_ADDRESS_FORMAT/ ) {
+ $trapHashRef->{'trapType'} = 'dot11Deauthentication';
+ $trapHashRef->{'trapMac'} = parse_mac_from_trap($1);
} else {
$logger->debug("trap currently not handled");
============================================================
--- pf/lib/pf/SNMP/constants.pm b48fb15371c381f88220f8b909b6a0e6ae5a62c2
+++ pf/lib/pf/SNMP/constants.pm 2b656a1c708408a2b1c27bffaff52338f839d4c5
@@ -26,6 +26,26 @@ package SNMP;
=cut
package SNMP;
+=item MAC_ADDRESS_FORMAT
+
+snmptrapd guesses the format of data in traps.
+If the format is printable then it feeds it as a STRING.
+Otherwise an Hex-STRING is sent (99.9% of the cases).
+
+We need to handle both cases thus this precompiled regexp.
+
+=cut
+Readonly::Scalar our $MAC_ADDRESS_FORMAT => qr/
+ (
+ Hex-STRING:\
+ [0-9A-Z]{2}\ [0-9A-Z]{2}\ [0-9A-Z]{2}\ [0-9A-Z]{2}\ [0-9A-Z]{2}\
[0-9A-Z]{2} # MAC Address
+ |
+ STRING:\
+ ".+"
+ )
+/sx; # which may contain newline characters to mean hex 0a (thus the s)
+
+
=item dot1dTpFdbStatus - defined by RFC 1493 (Definitions of Managed Objects
for Bridges)
other(1)
============================================================
--- pf/lib/pf/util.pm c261eac32481f7956312c50b048a5fa7fba1d234
+++ pf/lib/pf/util.pm b2c9f1cb7b814bb760e7449678a94b0d012f084e
@@ -43,6 +43,7 @@ BEGIN {
pfmon_preload parse_template mysql_date oui_to_vendor mac2oid oid2mac
str_to_connection_type connection_type_to_str
get_total_system_memory
+ parse_mac_from_trap
);
}
@@ -846,6 +847,34 @@ sub get_total_system_memory {
return $total_mem;
}
+=item parse_mac_from_trap
+
+snmptrapd sometimes converts an Hex-STRING into STRING if all of the values
are valid "printable" ascii.
+
+This method handles both technique and return the MAC address in a format
PacketFence expects.
+
+Must be combined with new regular expression that handles both formats:
$SNMP::MAC_ADDRESS_FORMAT
+
+=cut
+sub parse_mac_from_trap {
+ my ($to_parse) = @_;
+
+ my $mac;
+ if ($to_parse =~ /Hex-STRING:\ ([0-9A-Z]{2}\ [0-9A-Z]{2}\ [0-9A-Z]{2}\
[0-9A-Z]{2}\ [0-9A-Z]{2}\ [0-9A-Z]{2})/) {
+ $mac = lc($1);
+ $mac =~ s/ /:/g;
+
+ } elsif ($to_parse =~ /STRING:\ "(.+)"/s) {
+ $mac = $1;
+ $mac =~ s/\\"/"/g; # replaces \" with "
+ $mac =~ s/\\\\/\\/g; # replaces \\ with \
+ $mac = unpack("H*", $mac);
+ $mac =~ s/([a-f0-9]{2})(?!$)/$1:/g; # builds groups of two separ ated
by :
+ }
+
+ return $mac;
+}
+
=back
=head1 AUTHOR
------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
_______________________________________________
Packetfence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
