我從來沒有找到一個完美的解決方案。 Net :: SNMP :: Message(Net::SNMP的一部分)可能允許這樣做,但似乎沒有公開定義的接口,並且Net :: SNMP接口都不是特別相關的。 NSNMP與我所尋找的精神最爲接近,但它很脆弱,並且不適合我開箱即用的數據包,如果我要支持脆弱的代碼,它將成爲我自己的脆弱代碼。
Mon::SNMP也接近我正在尋找的東西,但它也被打破了框。它似乎被放棄了,2001年的最後一個版本和2002年的開發者最後一次CPAN發佈。我當時沒有意識到它,但現在我認爲這是因爲接口改變到了Convert :: BER它使用的模塊。
Mon :: SNMP讓我指向Convert::BER。幾千次讀取了Convert :: BER POD,Mon :: SNMP源和RFC 1157(特別是4.1.6,「陷阱-PDU」),我想出了這個代碼作爲概念證明我想要的。這只是概念證明(因爲我會在代碼後詳細說明),所以它可能並不完美,但我認爲它可能爲將來在此領域工作的Perl人員提供有用的參考,因此它是:
#!/usr/bin/perl
use Convert::BER;
use Convert::BER qw(/^(\$|BER_)/);
my $ber = Convert::BER->new();
# OID I want to add to the trap if not already present
my $snmpTrapAddress = '1.3.6.1.6.3.18.1.3';
# this would be from the incoming socket in production
my $source_ip = '10.137.54.253';
# convert the octets into chars to match SNMP standard for IPs
my $source_ip_str = join('', map { chr($_); } split(/\./, $source_ip));
# Read the binary trap data from STDIN or ARGV. Normally this would
# come from the UDP receiver
my $d = join('', <>);
# Stuff my trap data into $ber
$ber->buffer($d);
print STDERR "Original packet:\n";
$ber->dump();
# Just decode the first two fields so we can tell what version we're dealing with
$ber->decode(
SEQUENCE => [
INTEGER => \$version,
STRING => \$community,
BER => \$rest_of_trap,
],
) || die "Couldn't decode packet: ".$ber->error()."\n";
if ($version == 0) {
#print STDERR "This is a version 1 trap, proceeding\n";
# decode the PDU up to but not including the VARBINDS
$rest_of_trap->decode(
[ SEQUENCE => BER_CONTEXT | BER_CONSTRUCTOR | 0x04 ] =>
[
OBJECT_ID => \$enterprise_oid,
[ STRING => BER_APPLICATION | 0x00 ] => \$agentaddr,
INTEGER => \$generic,
INTEGER => \$specific,
[ INTEGER => BER_APPLICATION | 0x03 ] => \$timeticks,
SEQUENCE => [ BER => \$varbind_ber, ],
],
) || die "Couldn't decode packet: ".$extra->error()."\n";;
# now decode the actual VARBINDS (just the OIDs really, to decode the values
# We'd have to go to the MIBs, which I neither want nor need to do
my($r, $t_oid, $t_val, %varbinds);
while ($r = $varbind_ber->decode(
SEQUENCE => [
OBJECT_ID => \$t_oid,
ANY => \$t_val,
],))
{
if (!$r) {
die "Couldn't decode SEQUENCE: ".$extra->error()."\n";
}
$varbinds{$t_oid} = $t_val;
}
if ($varbinds{$snmpTrapAddress} || $varbinds{"$snmpTrapAddress.0"}) {
# the original trap already had the data, just print it back out
print $d;
} else {
# snmpTrapAddress isn't present, create a new object and rebuild the packet
my $new_trap = new Convert::BER;
$new_trap->encode(
SEQUENCE => [
INTEGER => $version,
STRING => $community,
[ SEQUENCE => BER_CONTEXT | BER_CONSTRUCTOR | 0x04 ] =>
[
OBJECT_ID => $enterprise_oid,
[ STRING => BER_APPLICATION | 0x00 ] => $agentaddr,
INTEGER => $generic,
INTEGER => $specific,
[ INTEGER => BER_APPLICATION | 0x03 ] => $timeticks,
SEQUENCE => [
BER => $varbind_ber,
# this next oid/val is the only mod we should be making
SEQUENCE => [
OBJECT_ID => "$snmpTrapAddress.0",
[ STRING => BER_APPLICATION | 0x00 ] => $source_ip_str,
],
],
],
],
);
print STDERR "New packet:\n";
$new_trap->dump();
print $new_trap->buffer;
}
} else {
print STDERR "I don't know how to decode non-v1 packets yet\n";
# send back the original packet
print $d;
}
所以,就是這樣。這是踢球者。我聽到他們的話說他們沒有得到陷阱中原始發件人的IP。在研究這個例子時,我發現,至少在他們給我的例子中,原始IP位於陷阱中的agent-addr字段中。在向他們展示這些信息並在工具的API中顯示他們使用的這些信息後,他們就試圖在他們的結尾進行更改。上面的代碼是在他們問我實際需要在數據包中使用的東西的時候給出的,但現在上面的代碼仍然沒有經過嚴格測試的概念代碼證明。希望有一天能幫助別人。
我對「SNMP」一無所知,但是`Net-SNMP`有一個`Net :: SNMP :: Message`類。 – 2009-07-14 15:26:16