1. 首页
  2. 问答
  3. 是否有限制可以通过udp/snmp发送多少个字符?

是否有限制可以通过udp/snmp发送多少个字符?

2017-08-23 43 views
1

我想通过UDP/SNMP从服务器发送一个字符串到客户端。但是,如果我复制一个长度为86的字符串到pdu packet->value_value一切正常,我得到客户端的字符串。如果我只向字符串添加更多字符,则长度现在为87,数据包无法传递给客户端。数据包大小正确提升。是否有限制可以发送多少个字符?我的包是小于1500是否有限制可以通过udp/snmp发送多少个字符?

这段代码显示了如何将字符串复制到packet->value_value

value_value = "asd asd asd asd asd asd asd asd asd asd asd asd asd asd asd asd asd asd asd asd asd as"; 
printf("String length: %d\n",strlen(value_value)); // 86 OK, 87or greater NOK 
packet->value_length = strlen(value_value); 
packet->value_value = malloc(packet->value_length); 
strcpy(packet->value_value, value_value);

对于一些信息,这里的终端输出有关的包中一些更多的信息长度

输出与字符串长度86

src/agent.c:69:parse_request(): Input length=43 
src/agent.c:116:perform_snmp_request(): OID is: 1.3.6.1.2.1.1.1.0 
String length: 86 
src/mibservice.c:90:snmpget(): packet->value_type=04 
src/mibservice.c:91:snmpget(): packet->value_length=56 
src/mibservice.c:93:snmpget(): packet->value_value=61 
... 
src/mibservice.c:93:snmpget(): packet->value_value=73 
src/mibservice.c:95:snmpget(): Before packet->length=41 
src/mibservice.c:97:snmpget(): After packet->length=127 
src/mibservice.c:99:snmpget(): Before packet->pdu_length=28 
src/mibservice.c:101:snmpget(): After packet->pdu_length=114 
src/mibservice.c:103:snmpget(): Before packet->variablebindings_length=14 
src/mibservice.c:105:snmpget(): After packet->variablebindings_length=100 
src/mibservice.c:107:snmpget(): Before packet->varbind_length=12 
src/mibservice.c:109:snmpget(): After packet->varbind_length=98 
src/agent.c:96:create_response(): Output length=129

输出与字符串长度87

src/agent.c:69:parse_request(): Input length=43 
src/agent.c:116:perform_snmp_request(): OID is: 1.3.6.1.2.1.1.1.0 
String length: 87 
src/mibservice.c:90:snmpget(): packet->value_type=04 
src/mibservice.c:91:snmpget(): packet->value_length=57 
src/mibservice.c:93:snmpget(): packet->value_value=61 
... 
src/mibservice.c:93:snmpget(): packet->value_value=64 
src/mibservice.c:95:snmpget(): Before packet->length=41 
src/mibservice.c:97:snmpget(): After packet->length=128 
src/mibservice.c:99:snmpget(): Before packet->pdu_length=28 
src/mibservice.c:101:snmpget(): After packet->pdu_length=115 
src/mibservice.c:103:snmpget(): Before packet->variablebindings_length=14 
src/mibservice.c:105:snmpget(): After packet->variablebindings_length=101 
src/mibservice.c:107:snmpget(): Before packet->varbind_length=12 
src/mibservice.c:109:snmpget(): After packet->varbind_length=99 
src/agent.c:96:create_response(): Output length=130

更新 这里是我的问题可运行的例子。数据包out_buf_0代表有效的SNMP数据包,并可通过UDP发送。数据包out_buf_1是与out_buf_0相同的数据包,其末尾的一个字符多于0x64。此外,由于增加了字符,我提高了所有长度+1。为什么out_buf_1不是有效的SNMP数据包/为什么不能通过UDP发送?注意:SNMP请求无法显示在终端中,因为来自客户端的request idout_buf_0out_buf_1不同,请查看wireshark以查看请求/响应。

#include <stdlib.h> 
#include <stdio.h> 
#include <string.h> 
#include <netdb.h> 
#include <sys/socket.h> 
#include <arpa/inet.h> 

#define MESSAGE_MAX_LEN 1500 /* MTU, IEEE Std 802.3TM-2015 */ 
#define PORT 161 /* RFC 1157 */ 

int out_buf_0_len = 129; /* 0x7f + 2 */ 
char out_buf_0[] = { 
0x30, /* SNMP Packet start */ 
0x7f, /* SNMP Packet length */ 
0x02, 0x01, 0x00, /* Version */ 
0x04, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, /* Community*/ 
0xa2, /* GetResponsePDU */ 
0x72, /* GetResponsePDU Length */ 
0x02, 0x04, 0x2c, 0x80, 0x7e, 0x2f, /* Request id */ 
0x02, 0x01, 0x00, /*Error status */ 
0x02, 0x01, 0x00, /*Error index */ 
0x30, /* Varbind list start */ 
0x64, /* Varbind list length*/ 
0x30, /* Varbind value start */ 
0x62, /* Varbind value length */ 
0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, /* OID */ 
0x04, /* Value start, type octet-string*/ 
0x56, /* Value length */ 
0x61, 0x73, 0x64, 0x20, 0x61, /* Value */ 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73 }; 

int out_buf_1_len = 130; /* 0x80 + 2 */ 
char out_buf_1[] = { 
0x30, /* SNMP Packet start */ 
0x80, /* SNMP Packet length */ 
0x02, 0x01, 0x00, /* Version */ 
0x04, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, /* Community*/ 
0xa2, /* GetResponsePDU */ 
0x73, /* GetResponsePDU Length */ 
0x02, 0x04, 0x2c, 0x80, 0x7e, 0x2f, /* Request id */ 
0x02, 0x01, 0x00, /*Error status */ 
0x02, 0x01, 0x00, /*Error index */ 
0x30, /* Varbind list start */ 
0x65, /* Varbind list length*/ 
0x30, /* Varbind value start */ 
0x63, /* Varbind value length */ 
0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, /* OID */ 
0x04, /* Value start, type octet-string*/ 
0x57, /* Value length */ 
0x61, 0x73, 0x64, 0x20, 0x61, /* Value */ 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64 }; 

int my_socket; 
struct sockaddr_in remote_addr; 
int socket_create() 
{ 
    printf("Create socket\n"); 
    struct sockaddr_in socket_addr; 
    if ((my_socket = socket(AF_INET, SOCK_DGRAM, 0)) < 0) 
    { 
     printf("Cannot create socket. Exit.\n"); 
     return -1; 
    } 
    memset((char *)&socket_addr, 0, sizeof(socket_addr)); 
    socket_addr.sin_family = AF_INET; 
    socket_addr.sin_addr.s_addr = htonl(INADDR_ANY); 
    socket_addr.sin_port = htons(PORT); 
    if (bind(my_socket, (struct sockaddr *)&socket_addr, sizeof(socket_addr)) < 0) 
    { 
     printf("Bind failed. Exit.\n"); 
     return - 1; 
    } 
    printf("Listen on: %s:%d\n", inet_ntoa(socket_addr.sin_addr), PORT); 
    return 0; 
} 

socklen_t addr_len = sizeof(remote_addr); 
void socket_listen(char *in_buf) 
{ 
    int recv_len; /* Bytes received */ 
    int nbyt; /* Bytes count */ 
    char *out_buf[MESSAGE_MAX_LEN]; 
    int out_len = 0; 

    for (;;) { /* Receive snmp message from snmp manager */ 
     recv_len = recvfrom(my_socket, in_buf, MESSAGE_MAX_LEN, 0, (struct sockaddr *)&remote_addr, &addr_len); 
     if (recv_len > 0) 
      if (sendto(my_socket, out_buf_1, out_buf_1_len, 0, (struct sockaddr *)&remote_addr, addr_len) < 0) 
       printf("Cannot send data to destination.\n"); 
    } 
} 

/* Disable SNMP on local machine. # systemctl stop snmpd 
* Execute main(): gcc <filename>.c && ./a.out 
* Run SNMP Request: $ snmpget -v 1 -c public 0.0.0.0:161 1.3.6.1.2.1.1.1.0 
*/ 
char in_buf[MESSAGE_MAX_LEN]; 
int main(int argc, char **argv) 
{ 
    if (socket_create() == -1) 
     exit(2); 
    socket_listen(in_buf); 
}

整个帧长度包括我的SNMPv1分组out_buf_0是1368个比特,out_buf_1应该1376比特。

来源

2017-08-23 Sam

+3

? 'malloc(packet-> value_length + 1);'在''strcpy'之前为'NUL'终结符加1。或者'packet-> value_length = strlen(value_value)+ 1;'而不是。 –

+0

@WeatherVane问题是一样的,如果我添加+1值长度是错误的。 – Sam

+3

您的程序会超出内存分配并导致UB。 –

回答

0

的SNMP分组长度0x80是错的,请参阅here

的0x80的的ASN.1长度字段是错误的。解码器看到第一个 您的数据包的两个八位字节是0x30 0x80,并从该0x80 确定应该不再有八位字节。然而,还有更多的 八位字节,所以它是一个无效的编码,并且还没有一个有效的SNMP 消息。这里的0x80并不意味着内容的128个八位字节,因为你想要的是 ,这意味着你的长度字段是0x80 &〜0x80 == 0字节长 在这个字节之后。取而代之,0x81意味着您的长度字段为 0x81 &〜0x80 == 1个八位组,后面的0x80个八位组会指示内容长度为128。

那SNMP报文应该如何模样,关了1

char out_buf_1[] = { 
0x30, /* SNMP Packet start */ 
0x81, 0x80, /* SNMP Packet length */ 
0x02, 0x01, 0x00, /* Version */ 
0x04, 0x06, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, /* Community*/ 
0xa2, /* GetResponsePDU */ 
0x73, /* GetResponsePDU Length */ 
0x02, 0x04, 0x2c, 0x80, 0x7e, 0x2f, /* Request id */ 
0x02, 0x01, 0x00, /*Error status */ 
0x02, 0x01, 0x00, /*Error index */ 
0x30, /* Varbind list start */ 
0x65, /* Varbind list length*/ 
0x30, /* Varbind value start */ 
0x63, /* Varbind value length */ 
0x06, 0x08, 0x2b, 0x06, 0x01, 0x02, 0x01, 0x01, 0x01, 0x00, /* OID */ 
0x04, /* Value start, type octet-string*/ 
0x57, /* Value length */ 
0x61, 0x73, 0x64, 0x20, 0x61, /* Value */ 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64, 0x20, 0x61, 0x73, 0x64, 0x20, 0x61, 
0x73, 0x64 };

来源

2017-08-24 23:39:52 Sam

0

由于有人在评论中指出,strcpy是邪恶的,不应该用于任何事情。你的malloc实际上分配了一个比你的原始数组小的数组,因为你没有考虑到结尾的null。当你使用strcpy时,你写了一个尾部为null的分配数组的末尾。

由于您没有包括与数据包结构相关的代码,我不知道它是如何使用的,但如果之后有任何代码需要C空终止的字符串,它可能不会按预期工作。

来源

2017-08-23 23:05:45 bd2357

+0

感谢您的提示! – Sam

+1

'strcpy'不再是邪恶的,而是任何其他库函数都是邪恶的。 ('strncpy'确实会将所有未使用的空间归零)。问题是对所有需要的字符进行适当的计算,包括* nul-terminating *字符。 (这是区分* C字符串*和字符数组*的区别)。如果没有* nul-terminating *字符,'strcpy'会很高兴地继续进入堆栈复制值,直到遇到第一个零偏'0'。用一个合适的* nul-terminated *字符串'strcpy'就完全没问题。 –

相关问题

 相关问题