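/*
 *
  ***** BEGIN LICENSE BLOCK *****

  Copyright (C) 2022 Olof Hagsand and Kristofer Hallin

  This file is part of CLIXON.

  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.

  Alternatively, the contents of this file may be used under the terms of
  the GNU General Public License Version 3 or later (the "GPL"),
  in which case the provisions of the GPL are applicable instead
  of those above. If you wish to allow use of your version of this file only
  under the terms of the GPL, and not to allow others to
  use your version of this file under the terms of Apache License version 2,
  indicate your decision by deleting the provisions above and replace them with
  the notice and other provisions required by the GPL. If you do not delete
  the provisions above, a recipient may use your version of this file under
  the terms of any one of the Apache License version 2 or the GPL.

  ***** END LICENSE BLOCK *****

 * See RFC 6643
 * Extensions are grouped in some categories, the one I have seen are, example:
 * 1. leaf
 *      smiv2:max-access "read-write";
 *      smiv2:oid "1.3.6.1.4.1.8072.2.1.1";
 *      smiv2:defval "42"; (not always)
 * 2. container, list
 *      smiv2:oid "1.3.6.1.4.1.8072.2.1";
 * 3. module level
 *      smiv2:alias "netSnmpExamples" {
 *        smiv2:oid "1.3.6.1.4.1.8072.2";
 *
 * SNMP messages (agent mode / PDU type):
 * 160 MODE_GET     / SNMP_MSG_GET
 * 161 MODE_GETNEXT / SNMP_MSG_GETNEXT
 *   0 MODE_SET_RESERVE1
 *   1 MODE_SET_RESERVE2
 *   2 MODE_SET_ACTION
 *   3 MODE_SET_COMMIT
 *   4 MODE_SET_FREE
 *   5 MODE_SET_UNDO
 */

#ifdef HAVE_CONFIG_H
#include "clixon_config.h" /* generated by config & autoconf */
#endif

/* NOTE(review): the angle-bracket header names were missing from this listing.
 * The system headers below are the ones the identifiers used in this file
 * require; the original listed eight system headers, so the project tree may
 * include more. The net-snmp, cligen and clixon umbrella headers are likewise
 * reconstructed - verify all of them against the project tree.
 */
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>

/* net-snmp */
#include <net-snmp/net-snmp-config.h>
#include <net-snmp/net-snmp-includes.h>
#include <net-snmp/agent/net-snmp-agent-includes.h>

/* cligen */
#include <cligen/cligen.h>

/* clicon */
#include <clixon/clixon.h>

#include "snmp_lib.h"
#include "snmp_mib_yang.h"

#define IETF_YANG_SMIV2_NS "urn:ietf:params:xml:ns:yang:ietf-yang-smiv2"

/*
 * Local Types
 */
/* Userdata to pass around in net-snmp callbacks */
struct clixon_snmp_handle {
    clicon_handle           sh_h;                /* Clixon handle */
    yang_stmt              *sh_ys;               /* YANG node the OID was registered for */
    oid                     sh_oid[MAX_OID_LEN]; /* OID for debug, may be removed? */
    size_t                  sh_oidlen;           /* Number of sub-ids used in sh_oid */
    char                   *sh_default;          /* MIB default value leaf only */
    netsnmp_table_data_set *sh_table;            /* table struct, table only */
};
typedef struct clixon_snmp_handle clixon_snmp_handle;

/*! Rebuild the rows of a net-snmp table data set from the backend datastore
 *
 * Fetches the subtree addressed by the YANG node over clicon_rpc_get(), drops
 * every row currently in the data set and adds one row per XML child element.
 * The first leaf of each entry is used as the (octet-string) index, all
 * following leafs become writable octet-string columns.
 *
 * NOTE(review): snmp_table_handler() calls this on every request, and the
 * add_index / add_default_row calls below run each time. It looks like they
 * append to the data set on every call, which would grow per request - confirm
 * and move them to registration time if so.
 *
 * @param[in]  table  net-snmp table data set to (re)populate
 * @param[in]  ys     Mib-Yang node of the table container
 * @param[in]  h      Clixon handle
 * @retval     0      OK
 * @retval    -1      Error (earlier revisions returned 0 on these paths too)
 */
int
clixon_table_create(netsnmp_table_data_set *table,
                    yang_stmt              *ys,
                    clicon_handle           h)
{
    int                retval = -1;
    cvec              *nsc = NULL;
    cxobj             *xt = NULL;
    cbuf              *cb = NULL;
    cxobj             *xerr;
    char              *xpath;
    cxobj             *xtable;
    cxobj             *xe;
    cxobj             *xleaf;
    int                i;
    char              *valstr;
    size_t             vallen;
    char               empty[1] = {'\0'}; /* stands in for an element with no body */
    netsnmp_table_row *row;
    netsnmp_table_row *tmprow;
    netsnmp_table_row *nextrow;

    if (xml_nsctx_yang(ys, &nsc) < 0)
        goto done;
    /* XXX just for yang2xpath */
    if ((cb = cbuf_new()) == NULL){
        clicon_err(OE_UNIX, errno, "cbuf_new");
        goto done;
    }
    if (yang2xpath(ys, cb) < 0)
        goto done;
    xpath = cbuf_get(cb);
    if (clicon_rpc_get(h, xpath, nsc, CONTENT_ALL, -1, &xt) < 0)
        goto done;
    if ((xerr = xpath_first(xt, NULL, "/rpc-error")) != NULL){
        clixon_netconf_error(xerr, "clicon_rpc_get", NULL);
        goto done;
    }
    netsnmp_table_dataset_add_index(table, ASN_OCTET_STR);
    netsnmp_table_set_multi_add_default_row(table,
                                            2, ASN_OCTET_STR, 1, NULL, 0,
                                            3, ASN_OCTET_STR, 1, NULL, 0,
                                            0);
    if ((xtable = xpath_first(xt, nsc, "%s", xpath)) != NULL) {
        /* Read the successor BEFORE the row is removed and deleted: the old
         * loop advanced through tmprow->next after the row had been released.
         */
        for (tmprow = table->table->first_row; tmprow != NULL; tmprow = nextrow){
            nextrow = tmprow->next;
            netsnmp_table_dataset_remove_and_delete_row(table, tmprow);
        }
        xe = NULL;
        /* Loop thru entries in table */
        while ((xe = xml_child_each(xtable, xe, CX_ELMNT)) != NULL) {
            if ((row = netsnmp_create_table_data_row()) == NULL){
                clicon_err(OE_SNMP, errno, "netsnmp_create_table_data_row");
                goto done;
            }
            xleaf = NULL;
            /* Loop thru leafs in entry */
            i = 1; /* tableindex start at 1 */
            while ((xleaf = xml_child_each(xe, xleaf, CX_ELMNT)) != NULL) {
                /* xml_body() yields NULL for an element without a body; do not
                 * hand that to strlen().
                 */
                if ((valstr = xml_body(xleaf)) == NULL)
                    valstr = empty;
                vallen = strlen(valstr);
                if (i == 1) /* Assume first entry is key XXX should check YANG */
                    netsnmp_table_row_add_index(row, ASN_OCTET_STR, valstr, vallen);
                else{
                    netsnmp_set_row_column(row, i, ASN_OCTET_STR, valstr, vallen);
                    netsnmp_mark_row_column_writable(row, i, 1);
                }
                i++;
            }
            netsnmp_table_dataset_add_row(table, row);
        }
    }
    retval = 0;
 done:
    if (xt)
        xml_free(xt);
    if (nsc)
        xml_nsctx_free(nsc);
    if (cb)
        cbuf_free(cb);
    return retval;
}

/*! SNMP table operation handler
 *
 * Callorder: 160,161,.... 0, 1,2,3, 160,161,...
 * see https://net-snmp.sourceforge.io/dev/agent/data_set_8c-example.html#_a0
 *
 * Refreshes the data set from the backend when the registered YANG node has a
 * list child. No per-mode work is done here; every mode ends in
 * SNMP_ERR_NOERROR, also when the refresh fails.
 *
 * @param[in]  handler   Registered MIB handler structure
 * @param[in]  nhreg     Registration; my_reg_void holds a clixon_snmp_handle
 * @param[in]  reqinfo   Agent request info, including the mode
 * @param[in]  requests  Request list (not inspected here)
 * @retval     SNMP_ERR_NOERROR  Always
 */
int
snmp_table_handler(netsnmp_mib_handler          *handler,
                   netsnmp_handler_registration *nhreg,
                   netsnmp_agent_request_info   *reqinfo,
                   netsnmp_request_info         *requests)
{
    clixon_snmp_handle *sh;

    clicon_debug(1, "%s %s %s", __FUNCTION__,
                 handler->handler_name,
                 snmp_msg_int2str(reqinfo->mode));
    sh = (clixon_snmp_handle*)nhreg->my_reg_void;
    if (yang_find(sh->sh_ys, Y_LIST, NULL) != NULL){
        /* Best effort: a failed refresh leaves whatever rows are present and
         * is only traced, the request itself is not failed.
         */
        if (clixon_table_create(sh->sh_table, sh->sh_ys, sh->sh_h) < 0)
            clicon_debug(1, "%s table refresh failed", __FUNCTION__);
    }
    return SNMP_ERR_NOERROR;
}

/*! SNMP Scalar operation handler
 *
 * Calls order: READ: 160,
 *              WRITE: 0, 1, 2, 3,
 * MODE_SET_RESERVE1, MODE_SET_RESERVE2, MODE_SET_ACTION, MODE_SET_COMMIT
 *
 * Only the first entry of `requests` is examined.
 *
 * @param[in]  handler   Registered MIB handler structure
 * @param[in]  nhreg     Registration; my_reg_void holds a clixon_snmp_handle
 * @param[in]  reqinfo   Agent request info, including the mode
 * @param[in]  requests  Request list; requestvb carries OID, type and value
 * @retval     SNMP_ERR_NOERROR  OK, or a per-request error was set
 * @retval    -1                 Error
 */
int
snmp_scalar_handler(netsnmp_mib_handler          *handler,
                    netsnmp_handler_registration *nhreg,
                    netsnmp_agent_request_info   *reqinfo,
                    netsnmp_request_info         *requests)
{
    int                    retval = -1;
    clixon_snmp_handle    *sh;
    yang_stmt             *ys;
    clicon_handle          h;
    cbuf                  *cb = NULL;
    cxobj                 *xt = NULL;
    cxobj                 *xerr;
    cvec                  *nsc = NULL;
    cxobj                 *x;
    char                  *xpath;
    int                    asn1_type;
    enum cv_type           cvtype;
    char                  *valstr;
    char                   empty[1] = {'\0'}; /* stands in for an element with no body */
    u_char                *snmpval = NULL;
    size_t                 snmplen;
    int                    ret;
    netsnmp_variable_list *requestvb; /* sub of requests */

    /*
     * can be used to pass information on a per-pdu basis from a
     * helper to the later handlers
     *   netsnmp_agent_request_info *reqinfo,
     *   netsnmp_data_list *agent_data;
     *   netsnmp_free_agent_data_set()
     */
    requestvb = requests->requestvb;
    clicon_debug(1, "%s %s %s %d", __FUNCTION__,
                 handler->handler_name,
                 snmp_msg_int2str(reqinfo->mode),
                 requests->inclusive);
    sh = (clixon_snmp_handle*)nhreg->my_reg_void;
    ys = sh->sh_ys;
    h = sh->sh_h;
    /* The requested OID must equal both the OID stored at registration and the
     * registration root. This used to be a chain of assert()s: on a value that
     * arrives in a request an assert either stops the whole agent or, built
     * with NDEBUG, checks nothing. Answer with a per-request error instead.
     */
    if (sh->sh_oidlen != requestvb->name_length ||
        requestvb->name_length != nhreg->rootoid_len ||
        snmp_oid_compare(sh->sh_oid, sh->sh_oidlen,
                         requestvb->name, requestvb->name_length) != 0 ||
        snmp_oid_compare(requestvb->name, requestvb->name_length,
                         nhreg->rootoid, nhreg->rootoid_len) != 0){
        netsnmp_set_request_error(reqinfo, requests, SNMP_NOSUCHOBJECT);
        goto ok;
    }
    if (yang2snmp_types(ys, &asn1_type, &cvtype) < 0)
        goto done;
    /* see net-snmp/agent/snmp_agent.h / net-snmp/library/snmp.h */
    switch (reqinfo->mode) {
    case MODE_GET: /* 160 */
        requestvb->type = asn1_type; /* ASN_NULL on input */
        /* get xpath: see yang2api_path_fmt / api_path2xpath
         * New fn: yang2xpath?
         * clicon_rpc_get()
         */
        if (xml_nsctx_yang(ys, &nsc) < 0)
            goto done;
        /* XXX just for yang2xpath */
        if ((cb = cbuf_new()) == NULL){
            clicon_err(OE_UNIX, errno, "cbuf_new");
            goto done;
        }
        if (yang2xpath(ys, cb) < 0)
            goto done;
        xpath = cbuf_get(cb);
        if (clicon_rpc_get(h, xpath, nsc, CONTENT_ALL, -1, &xt) < 0)
            goto done;
        if ((xerr = xpath_first(xt, NULL, "/rpc-error")) != NULL){
            clixon_netconf_error(xerr, "clicon_rpc_get", NULL);
            goto done;
        }
        /* Get value, either from xml, or smiv2 default */
        if ((x = xpath_first(xt, nsc, "%s", xpath)) != NULL){
            /* An element that exists but has no body is the empty string,
             * not a NULL pointer for the conversion below.
             */
            if ((valstr = xml_body(x)) == NULL)
                valstr = empty;
        }
        else if ((valstr = sh->sh_default) == NULL){
            netsnmp_set_request_error(reqinfo, requests, SNMP_NOSUCHINSTANCE);
            goto ok;
        }
        if ((ret = type_yang2snmp(valstr, cvtype, reqinfo, requests, &snmpval, &snmplen)) < 0)
            goto done;
        if (ret == 0)
            goto ok;
        /* 1. use cligen object and get raw buf / size from that, OR
         *      + have parse function from YANG
         *      - does not have
         * 2. use union netsnmp_vardata and pass that here?
         * 3. Make cv2asn1 conversion function <--
         */
        /* see snmplib/snmp_client.c */
        if (snmp_set_var_value(requestvb, snmpval, snmplen) != 0){
            clicon_err(OE_SNMP, 0, "snmp_set_var_value");
            goto done;
        }
        break;
    case MODE_GETNEXT: /* 161 */
        /* Not seen? Was assert(0); report a per-request error instead of
         * stopping the agent.
         */
        netsnmp_set_request_error(reqinfo, requests, SNMP_ERR_GENERR);
        break;
    case MODE_SET_RESERVE1: /* 0 */
        if (requestvb->type != asn1_type)
            netsnmp_set_request_error(reqinfo, requests, SNMP_ERR_WRONGTYPE);
        break;
    case MODE_SET_RESERVE2: /* 1 */
        break;
    case MODE_SET_ACTION: /* 2 */
        /*
         * update current
         */
        /* yang2xpath -> xpath2xml
         * accesses = *(requestvb->val.integer);
         * rpc edit-config
         */
        /* XXX only int.
         * The value is read through val.integer, so refuse anything that is
         * not stored as one long: for other types val points at data of
         * val_len bytes and the read below could run past it.
         */
        if (requestvb->val.integer == NULL ||
            requestvb->val_len != sizeof(*requestvb->val.integer)){
            netsnmp_set_request_error(reqinfo, requests, SNMP_ERR_WRONGTYPE);
            goto ok;
        }
        if ((cb = cbuf_new()) == NULL){
            clicon_err(OE_UNIX, errno, "cbuf_new");
            goto done;
        }
        /* NOTE(review): only the bare number is sent as the edit-config
         * payload - confirm this is what clicon_rpc_edit_config() expects.
         */
        cprintf(cb, "%ld", *requestvb->val.integer);
        if (clicon_rpc_edit_config(h, "candidate", OP_MERGE, cbuf_get(cb)) < 0)
            goto done;
        break;
    case MODE_SET_UNDO: /* 5 */
        if (clicon_rpc_discard_changes(h) < 0)
            goto done;
        break;
    case MODE_SET_COMMIT: /* 3 */
        if (clicon_rpc_commit(h) < 0)
            goto done;
        break;
    case MODE_SET_FREE: /* 4 */
        /*
         * nothing to do
         */
        break;
    default:
        break;
    }
 ok:
    retval = SNMP_ERR_NOERROR;
 done:
    free(snmpval);
    if (xt)
        xml_free(xt);
    if (nsc)
        xml_nsctx_free(nsc);
    if (cb)
        cbuf_free(cb);
    return retval;
}

/*! Parse smiv2 extensions for YANG container/list
 *
 * Typical table:
 *   container x {
 *     smiv2:oid "1.3.6.1.4.1.8072.2.2.1";
 *     list y{
 *
 *     }
 *   }
 * @param[in]  h   Clixon handle
 * @param[in]  ys  Mib-Yang node
 * @retval     0   OK
 * @retval    -1   Error
 */
static int
mib_yang_table(clicon_handle h,
               yang_stmt    *ys)
{
    int                           retval = -1;
    netsnmp_handler_registration *nhreg;
    netsnmp_table_data_set       *table;
    char                         *oidstr = NULL;
    oid                           oid1[MAX_OID_LEN] = {0,};
    size_t                        sz1 = MAX_OID_LEN;
    char                         *name;
    clixon_snmp_handle           *sh = NULL;
    int                           ret;

    /* Get OID from parent container */
    if (yang_extension_value(ys, "oid", IETF_YANG_SMIV2_NS, NULL, &oidstr) < 0)
        goto done;
    if (oidstr == NULL)
        goto ok;
    if (snmp_parse_oid(oidstr, oid1, &sz1) == NULL){
        clicon_err(OE_SNMP, 0, "snmp_parse_oid");
        goto done;
    }
    name = yang_argument_get(ys);
    /* NOTE(review): `table` is not released on the error paths below - confirm
     * which net-snmp call should release a data set here.
     */
    if ((table = netsnmp_create_table_data_set(name)) == NULL){
        clicon_err(OE_SNMP, errno, "netsnmp_create_table_data_set");
        goto done;
    }
    /* Userdata to pass around in net-snmp callbacks
     * XXX: not deallocated once it is attached to the registration
     */
    if ((sh = malloc(sizeof(*sh))) == NULL){
        clicon_err(OE_UNIX, errno, "malloc");
        goto done;
    }
    memset(sh, 0, sizeof(*sh));
    sh->sh_h = h;
    sh->sh_ys = ys;
    sh->sh_table = table;
    memcpy(sh->sh_oid, oid1, sizeof(oid1));
    sh->sh_oidlen = sz1;

    /* Best effort: registration proceeds even if the first population fails,
     * the handler refreshes the table again on each request.
     */
    if (clixon_table_create(table, ys, h) < 0)
        clicon_debug(1, "%s initial table population failed", __FUNCTION__);

    if ((nhreg = netsnmp_create_handler_registration(name, snmp_table_handler,
                                                     oid1, sz1,
                                                     HANDLER_CAN_RWRITE)) == NULL){
        clicon_err(OE_SNMP, errno, "netsnmp_create_handler_registration");
        goto done; /* sh is released at done */
    }
    nhreg->my_reg_void = sh;
    sh = NULL; /* from here on reachable through nhreg only */
    if ((ret = netsnmp_register_table_data_set(nhreg, table, NULL)) != SNMPERR_SUCCESS){
        /* XXX err return? The failure is logged but not propagated */
        clicon_err(OE_SNMP, ret, "netsnmp_register_table_data_set");
    }
    (void)netsnmp_register_auto_data_table(table, NULL);
    clicon_debug(1, "%s %s registered", __FUNCTION__, oidstr);
 ok:
    retval = 0;
 done:
    free(sh); /* non-NULL only when it was never attached to a registration */
    return retval;
}

/*! Parse smiv2 extensions for YANG leaf
 *
 * Typical leaf:
 *      smiv2:oid "1.3.6.1.4.1.8072.2.1.1";
 *      smiv2:max-access "read-write";
 *      smiv2:defval "42"; (optional)
 * @param[in]  h   Clixon handle
 * @param[in]  ys  Mib-Yang node
 * @retval     0   OK
 * @retval    -1   Error
 */
static int
mib_yang_leaf(clicon_handle h,
              yang_stmt    *ys)
{
    int                           retval = -1;
    netsnmp_handler_registration *nhreg = NULL;
    netsnmp_mib_handler          *handler = NULL;
    int                           ret;
    char                         *modes_str = NULL;
    char                         *default_str = NULL;
    char                         *oidstr = NULL;
    oid                           oid1[MAX_OID_LEN] = {0,};
    size_t                        sz1 = MAX_OID_LEN;
    int                           modes;
    char                         *name;
    clixon_snmp_handle           *sh = NULL;

    /* Get OID from leaf */
    if (yang_extension_value(ys, "oid", IETF_YANG_SMIV2_NS, NULL, &oidstr) < 0)
        goto done;
    if (oidstr == NULL)
        goto ok;
    if (snmp_parse_oid(oidstr, oid1, &sz1) == NULL){
        clicon_err(OE_SNMP, 0, "snmp_parse_oid");
        goto done;
    }
    if (yang_extension_value(ys, "max-access", IETF_YANG_SMIV2_NS, NULL, &modes_str) < 0)
        goto done;
    /* Get modes (access) read-only, read-write, not-accessible, accessible-for-notify */
    if (modes_str == NULL)
        goto ok;
    /* NOTE(review): the result is passed to net-snmp unchecked - confirm what
     * snmp_access_str2int() returns for an unrecognized access string.
     */
    modes = snmp_access_str2int(modes_str);

    /* SMI default value, How is this different from yang defaults? */
    if (yang_extension_value(ys, "defval", IETF_YANG_SMIV2_NS, NULL, &default_str) < 0)
        goto done;
    name = yang_argument_get(ys);
    if ((handler = netsnmp_create_handler(name, snmp_scalar_handler)) == NULL){
        clicon_err(OE_SNMP, errno, "netsnmp_create_handler");
        goto done;
    }
    /* Userdata to pass around in net-snmp callbacks
     * XXX: not deallocated once the registration has succeeded
     */
    if ((sh = malloc(sizeof(*sh))) == NULL){
        clicon_err(OE_UNIX, errno, "malloc");
        goto done; /* handler is released at done */
    }
    memset(sh, 0, sizeof(*sh));
    sh->sh_h = h;
    sh->sh_ys = ys;
    memcpy(sh->sh_oid, oid1, sizeof(oid1));
    sh->sh_oidlen = sz1;
    sh->sh_default = default_str;
    if ((nhreg = netsnmp_handler_registration_create(name, handler,
                                                     oid1, sz1,
                                                     modes)) == NULL){
        clicon_err(OE_SNMP, errno, "netsnmp_handler_registration_create");
        goto done; /* handler and sh are released at done */
    }
    handler = NULL; /* now part of nhreg */
    nhreg->my_reg_void = (void*)sh;
    /*
     * XXX: nhreg->agent_data
     */
    if ((ret = netsnmp_register_instance(nhreg)) < 0){
        /* XXX Failures are MIB_REGISTRATION_FAILED and MIB_DUPLICATE_REGISTRATION. */
        clicon_err(OE_SNMP, ret, "netsnmp_register_instance");
        /* sh is released at done; assumes net-snmp never dispatches to a
         * registration that failed - TODO confirm.
         */
        goto done;
    }
    sh = NULL; /* reachable through the live registration from here on */
    clicon_debug(1, "%s %s registered", __FUNCTION__, oidstr);
 ok:
    retval = 0;
 done:
    if (handler)
        netsnmp_handler_free(handler);
    free(sh);
    return retval;
}

/*! Traverse mib-yang tree, identify scalars and tables, register OID and callbacks
 *
 * The tree is traversed depth-first, which at least guarantees that a parent is
 * traversed before a child.
 * Extensions are grouped in some categories, the one I have seen are, example:
 * 1. leaf
 *      smiv2:max-access "read-write";
 *      smiv2:oid "1.3.6.1.4.1.8072.2.1.1";
 *      smiv2:defval "42"; (not always)
 * 2. container, list
 *      smiv2:oid "1.3.6.1.4.1.8072.2.1";
 * 3. module level
 *      smiv2:alias "netSnmpExamples" {
 *        smiv2:oid "1.3.6.1.4.1.8072.2";
 * @param[in]  h   Clixon handle
 * @param[in]  yn  yang node
 * @retval     0   OK, all nodes traversed
 * @retval    -1   Error, aborted at first error encounter
 */
static int
mib_traverse(clicon_handle h,
             yang_stmt    *yn)
{
    int        retval = -1;
    yang_stmt *ys = NULL;
    yang_stmt *yp;
    int        ret;

    switch(yang_keyword_get(yn)){
    case Y_LEAF:
        if (mib_yang_leaf(h, yn) < 0)
            goto done;
        break;
    case Y_CONTAINER: /* See list case */
        break;
    case Y_LIST: /* If parent is container -> identify as table */
        yp = yang_parent_get(yn);
        /* Guard the parent lookup so a parentless node is not dereferenced */
        if (yp != NULL && yang_keyword_get(yp) == Y_CONTAINER){
            if (mib_yang_table(h, yp) < 0)
                goto done;
            goto ok; /* Dont traverse child leafs further */
        }
        break;
    default:
        break;
    }
    ys = NULL;
    while ((ys = yn_each(yn, ys)) != NULL) {
        if ((ret = mib_traverse(h, ys)) < 0)
            goto done;
        if (ret > 0){
            retval = ret;
            goto done;
        }
    }
 ok:
    retval = 0;
 done:
    return retval;
}

/*! Init mib-translated yangs and register callbacks by traversing the yang
 *
 * Walks the Clixon configuration for CLICON_SNMP_MIB elements, looks up the
 * YANG module named by each and registers its scalars and tables.
 *
 * @param[in]  h   Clixon handle
 * @retval     0   OK
 * @retval    -1   Error
 */
int
clixon_snmp_mib_yangs(clicon_handle h)
{
    int        retval = -1;
    char      *modname;
    cxobj     *x;
    yang_stmt *yspec;
    yang_stmt *ymod;

    /* XXX Hardcoded, replace this with generic MIB */
    if ((yspec = clicon_dbspec_yang(h)) == NULL){
        clicon_err(OE_FATAL, 0, "No DB_SPEC");
        goto done;
    }
    x = NULL;
    while ((x = xml_child_each(clicon_conf_xml(h), x, CX_ELMNT)) != NULL) {
        if (strcmp(xml_name(x), "CLICON_SNMP_MIB") != 0)
            continue;
        if ((modname = xml_body(x)) == NULL)
            continue;
        clicon_debug(1, "%s %s: \"%s\"", __FUNCTION__, xml_name(x), modname);
        /* Note, here we assume the Yang is loaded by some other mechanism and
         * error if it not found.
         * Alternatively, that YANG could be loaded.
         * Problem is, if clixon_snmp has not loaded it, has backend done it?
         * What happens if backend has not loaded it?
         */
        if ((ymod = yang_find(yspec, Y_MODULE, modname)) == NULL){
            clicon_err(OE_YANG, 0, "Mib-translated-yang %s not loaded", modname);
            goto done;
        }
        /* Recursively traverse the mib-yang to find extensions */
        if (mib_traverse(h, ymod) < 0)
            goto done;
    }
    retval = 0;
 done:
    return retval;
}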