-
Receiving traps
I've got a program that is receiving traps from a remote
agent. I need to verify the data received is a trap
and not any other data. I'm trying to create a structure
to map the packet data to so I can extract the correct
information. The only text I can find that describes the
format of the packet is below:
Trap-PDU ::=
    [4]
        IMPLICIT SEQUENCE {
            enterprise          -- type of object generating
                                -- trap, see sysObjectID in [5]
                OBJECT IDENTIFIER,
            agent-addr          -- address of object generating
                NetworkAddress, -- trap
            generic-trap        -- generic trap type
                INTEGER {
                    coldStart(0),
                    warmStart(1),
                    linkDown(2),
                    linkUp(3),
                    authenticationFailure(4),
                    egpNeighborLoss(5),
                    enterpriseSpecific(6)
                },
            specific-trap       -- specific code, present even
                INTEGER,        -- if generic-trap is not
                                -- enterpriseSpecific
            time-stamp          -- time elapsed between the last
                TimeTicks,      -- (re)initialization of the network
                                -- entity and the generation of the
                                -- trap
            variable-bindings   -- "interesting" information
                VarBindList
        }
Is this the real format? I'm looking for more along the
lines of
-----------------------------------
| Header | From | .... | Variable |
-----------------------------------
I see the objects up there but I'm not sure how much space
they take. If I knew I could start cutting up the
packet into data that I need.
Thanks,
Chris
-
Re: Receiving traps
[Sorry for the delay in responding to this]
Chris Fowler wrote:
> I've got a program that is receiving traps from a remote
> agent. I need to verify the data received is a trap
> and not any other data.
There is an implicit header field, containing the type of
the PDU. (It's actually a result of the encoding mechanism
rather than a specifically defined header value, but that
doesn't really matter).
> I see the objects up there but I'm not sure how much space
> they take. If I knew I could start cutting up the
> packet into data that I need.
The problem is that SNMP packets don't have fixed-size headers,
or anything close. The order of things is pretty fixed, but
the sizes (and hence where to look) are not.
Even the first header field (the SNMP version) may appear in
the third or fourth octet of the PDU - depending on the overall
size. The request type appears quite a bit later, after various
version-specific information.
Realistically, the only way to determine whether this is a
trap PDU or not, is to decode it (at least up to that point).
Or rather, to let the toolkit library that you're using decode
it - there's no point in re-inventing the wheel!
Then check the type field in that toolkit's data structure.
Also remember that there are three different types of notification
request (v1 TRAP, v2 TRAP and v2 INFORM).
Dave
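Added example (not part of either post and not taken from any SNMP toolkit): a bounds-checked walk over the BER tag/length headers of a received datagram, decoding only as far as the PDU tag that the reply calls the type field. It assumes community-based SNMPv1/v2c framing (SEQUENCE, version INTEGER, community OCTET STRING, PDU); the function names and sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Read one BER tag+length header at buf[*pos]. On success store the tag and
 * content length, advance *pos to the content and return 0; -1 on bad input. */
static int ber_header(const uint8_t *buf, size_t len, size_t *pos,
                      uint8_t *tag, size_t *clen)
{
    size_t p = *pos, n, k;
    if (p > len || len - p < 2) return -1;
    *tag = buf[p++];
    n = buf[p++];
    if (n & 0x80) {                 /* long form: low 7 bits count the length octets */
        k = n & 0x7f;
        if (k == 0 || k > 4 || len - p < k) return -1;
        for (n = 0; k > 0; k--) n = (n << 8) | buf[p++];
    }
    if (len - p < n) return -1;     /* content must fit inside the datagram */
    *clen = n;
    *pos = p;
    return 0;
}

/* Return the PDU tag of a community-based (v1/v2c) SNMP message, or -1 if the
 * datagram is malformed or not in that format. */
int snmp_pdu_tag(const uint8_t *buf, size_t len)
{
    size_t pos = 0, clen;
    uint8_t tag;
    if (ber_header(buf, len, &pos, &tag, &clen) || tag != 0x30) return -1;
    len = pos + clen;               /* stay inside the outer SEQUENCE */
    if (ber_header(buf, len, &pos, &tag, &clen) || tag != 0x02) return -1;
    pos += clen;                    /* skip version INTEGER */
    if (ber_header(buf, len, &pos, &tag, &clen) || tag != 0x04) return -1;
    pos += clen;                    /* skip community OCTET STRING */
    if (ber_header(buf, len, &pos, &tag, &clen)) return -1;
    return tag;
}
/* 0xA4 = v1 Trap, 0xA6 = v2 InformRequest, 0xA7 = v2 Trap */
int is_notification(int tag) { return tag == 0xA4 || tag == 0xA6 || tag == 0xA7; }

/* Constructed samples (community "public"): a v1 coldStart trap and a v1 GET. */
const uint8_t TRAP_V1[] = {
    0x30,0x25, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xA4,0x18, 0x06,0x05,0x2B,0x06,0x01,0x04,0x01, 0x40,0x04,0xC0,0x00,0x02,0x01,
    0x02,0x01,0x00, 0x02,0x01,0x00, 0x43,0x01,0x00, 0x30,0x00 };
const uint8_t GET_V1[] = {
    0x30,0x18, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xA0,0x0B, 0x02,0x01,0x01, 0x02,0x01,0x00, 0x02,0x01,0x00, 0x30,0x00 };
int main(void) { return is_notification(snmp_pdu_tag(TRAP_V1, sizeof TRAP_V1)) ? 0 : 1; }
```

An SNMPv3 message carries a header SEQUENCE where the community string would be, so this check rejects it with -1 rather than misreading it.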