30.10 SNMP Message Format
Unlike most TCP/IP protocols, SNMP messages do not have fixed fields. Instead, they use the standard ASN.1 encoding. Thus, a message can be difficult for humans to decode and understand. After examining the SNMP message definition in ASN.1 notation, we will review the ASN.l encoding scheme briefly, and see an example of an encoded SNMP message. Figure 30.7 shows how an SNMP message can be described with an ASN.l-style grammar. In general, each item in the grammar consists of a descriptive name followed by a declaration of the item's type. For example, an item such as
msgversion INTEGER (0..2147483647)
declares the name msgversion to be a nonnegative integer less than or equal to 2147483647.
As the figure shows, each SNMP message consists of four main parts: an integer that identifies the protocol version, additional header data, a set of security parameters, and a data area that carries the payload. A precise definition must be supplied for each of the terms used. For example, Figure 30.8 illustrates how the contents of the Header-Data section can be specified.
The data area in an SNMP message is divided into protocol data units (PDUs). Each PDU consists of a request (sent by client) or a response (sent by an agent). SNMPv3 allows each PDU to be sent as plain text or to be encrypted for privacy. Thus, the grammar specifies a CHOICE. In programming language terminology, the concept is known as a discriminated union.
ScopedPduData ::= CHOICE {
plaintext ScopedPDU,
encryptedPDU OCTET STRING -- encrypted ScopedPDU value
}
An encrypted PDU begins with an identifier of the engine7that produced it. The engine ID is followed by the name of the context and the octets of the encrypted message.
ScopedPDU ::= SEQUENCE {
contextEngineID OCTET STRING,
ontextName OCTET STRING,
data ANY -- e.g., a PDU as defined below
}
The item labeled data in the ScopedPDU definition has a type ANY because field contextName defines the exact details of the item. The SNMPv3 Message Processing Model (v3MP) specifies that the data must consist of one of the SNMP PDUs as Figure 30.9 illustrates:
The definition specifies that each protocol data unit consists of one of eight types. To complete the definition of an SNMP message, we must further specify the syntax of the eight individual types. For example, Figure 30.10 shows the definition of a getrequest.
Further definitions in the standard specify the remaining undefined terms. Both error-status and error-index are single octet integers which contain the value zero in a request. If an error occurs, the values sent in a response identify the cause of the error. Finally, VarBindList contains a list of object identifiers for which the client seeks values. In ASN.l terms, the definitions specify that VarBindList is a sequence of pairs of object name and value. ASN.l represents the pairs as a sequence of two items. Thus, in the simplest possible request, VarBindList is a sequence of two items: a name and a null.
7 SNMF'v3 distinguishes between an application that uses the service SNMP supplies and an engine, which is the underlying software that transmits requests and receives responses.
Abstract from Internetworking With TCP/IP Vol I: Principles, Protocols, and Architecture Fourth Edition,
DOUGLAS E. COMER,
Department of Computer Sciences Purdue University, West Lafayette, IN 47907,
PRENTICE HALL,
Upper Saddle River, New Jersey 07458