Low-level way of fetching UDP datagram as a unit

[John Ramsden]

I am writing an SNMP trap handler, using Graham Barr's Convert::BER
module (which looks excellent, from what I can see) to translate the
PDUs from binary to a manageable structure.

When reading raw traps from a socket connection, Convert::BER relies
on the datagram length which appears near the start of the raw trap
string.

But, as Barr points out in a source code comment, what is to stop a
hacker (or just an erroneous program) sending to an SNMP trap port
an SNMP trap datagram with a length longer than tha actual length
of the datagram, thus causing the trap handler to hang while it
waits for the rest of the datagram which may never appear?

Anyway, apart from using a timeout, I was wondering if there is some
lower-level Perl (or any) method of reading an UDP datagrams as a
unit, so that this problem cannot arise.

Also, I need solutions for Unix and Windows if possible, even if a
different approach must be used for each.


Cheers

John Ramsden ([email protected])

 

[Benjamin Goldberg]

I am writing an SNMP trap handler, using Graham Barr's Convert::BER
module (which looks excellent, from what I can see) to translate the
PDUs from binary to a manageable structure.

When reading raw traps from a socket connection, Convert::BER relies
on the datagram length which appears near the start of the raw trap
string.

But, as Barr points out in a source code comment, what is to stop a
hacker (or just an erroneous program) sending to an SNMP trap port
an SNMP trap datagram with a length longer than tha actual length
of the datagram, thus causing the trap handler to hang while it
waits for the rest of the datagram which may never appear?

I don't know anything about SNMP, so this is off the top of my head...

A udp datagram arrives in full, or not at all. Thus, "wait for the rest
of the datagram" doesn't make sense, if it's referring to a udp
datagram.

Thus, you must mean, "waits for the rest of the PDU," which I assume is
allowed to consist of multiple UDP packets.

UDP is an *unreliable* datagram protocol. So, it's quite possible that
even in normal operation (not involving evil hackers, or erroneous
programs), one or more UDPs get lost (or rearranged). One would hope
that SNMP specifies how to deal with getting a UDP packet which starts a
PDU, but losing the rest of the PDU.

Whatever one does in *that* situation, also applies to an evil hacker,
or an erroneous program, sending you a bad packet.

Anyway, apart from using a timeout, I was wondering if there is some
lower-level Perl (or any) method of reading an UDP datagrams as a
unit, so that this problem cannot arise.

Use the recv() system call, and you'll get a UDP datagram as a unit.

What in the world are you using which might possibly give you only part
of a UDP datagram?

Also, I need solutions for Unix and Windows if possible, even if a
different approach must be used for each.

If Windows implements udp, then you'll have the recv system call.

 

[James Willmore]

Anyway, apart from using a timeout, I was wondering if there is some
lower-level Perl (or any) method of reading an UDP datagrams as a
unit, so that this problem cannot arise.

Also, I need solutions for Unix and Windows if possible, even if a
different approach must be used for each.

There are several module on CPAN that could help - including one for SNMP.
http://search.cpan.org/

HTH

Jim