trapqueueprocessor.java

来自「opennms得相关源码 请大家看看」· Java 代码 · 共 954 行 · 第 1/3 页

//
// This file is part of the OpenNMS(R) Application.
//
// OpenNMS(R) is Copyright (C) 2002-2003 The OpenNMS Group, Inc.  All rights reserved.
// OpenNMS(R) is a derivative work, containing both original code, included code and modified
// code that was published under the GNU General Public License. Copyrights for modified 
// and included code are below.
//
// OpenNMS(R) is a registered trademark of The OpenNMS Group, Inc.
//
// Modifications:
//
// 2005 Jan 11: Added a check to insure V2 traps had TIMTICKS varbind.
// 2003 Aug 21: Modifications to support ScriptD.
// 2003 Feb 28: Small fix for null terminated strings in traps.
// 2003 Jan 31: Cleaned up some unused imports.
// 2003 Jan 08: Added code to associate IP addresses from traps with nodes.
// 2002 Nov 29: Fixed a small bug in trap handler. Bug #676.
// 2002 Jul 18: Added a check for bad varbind from Extreme traps.
//
// Original code base Copyright (C) 1999-2001 Oculan Corp.  All rights reserved.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.                                                            
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
//       
// For more information contact: 
//      OpenNMS Licensing       <license@opennms.org>
//      http://www.opennms.org/
//      http://www.opennms.com/
//
// Tab Size = 8
//

package org.opennms.netmgt.trapd;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;

import org.apache.log4j.Category;
import org.opennms.core.fiber.PausableFiber;
import org.opennms.core.queue.FifoQueue;
import org.opennms.core.queue.FifoQueueException;
import org.opennms.core.utils.ThreadCategory;
import org.opennms.netmgt.eventd.EventIpcManagerFactory;
import org.opennms.netmgt.xml.event.Event;
import org.opennms.netmgt.xml.event.Parm;
import org.opennms.netmgt.xml.event.Parms;
import org.opennms.netmgt.xml.event.Snmp;
import org.opennms.netmgt.xml.event.Value;
import org.opennms.protocols.ip.IPv4Address;
import org.opennms.protocols.snmp.SnmpCounter32;
import org.opennms.protocols.snmp.SnmpCounter64;
import org.opennms.protocols.snmp.SnmpGauge32;
import org.opennms.protocols.snmp.SnmpIPAddress;
import org.opennms.protocols.snmp.SnmpInt32;
import org.opennms.protocols.snmp.SnmpNull;
import org.opennms.protocols.snmp.SnmpObjectId;
import org.opennms.protocols.snmp.SnmpOctetString;
import org.opennms.protocols.snmp.SnmpOpaque;
import org.opennms.protocols.snmp.SnmpPduPacket;
import org.opennms.protocols.snmp.SnmpPduTrap;
import org.opennms.protocols.snmp.SnmpSMI;
import org.opennms.protocols.snmp.SnmpSyntax;
import org.opennms.protocols.snmp.SnmpTimeTicks;

/**
 * The TrapQueueProcessor handles the conversion of V1 and V2 traps to events
 * and sending them out the JSDT channel that eventd is listening on
 * 
 * @author <A HREF="mailto:weave@oculan.com">Brian Weaver </A>
 * @author <A HREF="mailto:sowmya@opennms.org">Sowmya Nataraj </A>
 * @author <A HREF="mailto:larry@opennms.org">Lawrence Karnowski </A>
 * @author <A HREF="mailto:mike@opennms.org">Mike Davidson </A>
 * @author <A HREF="mailto:tarus@opennms.org">Tarus Balog </A>
 * @author <A HREF="http://www.opennms.org">OpenNMS.org </A>
 * 
 */
class TrapQueueProcessor implements Runnable, PausableFiber {
    /**
     * The sysUpTimeOID, which should be the first varbind in a V2 trap
     */
    private static final String SNMP_SYSUPTIME_OID = ".1.3.6.1.2.1.1.3.0";

    /**
     * The sysUpTimeOID, which should be the first varbind in a V2 trap, but in
     * the case of Extreme Networks only mostly
     */
    private static final String EXTREME_SNMP_SYSUPTIME_OID = ".1.3.6.1.2.1.1.3";

    /**
     * The snmpTrapOID, which should be the second varbind in a V2 trap
     */
    private static final String SNMP_TRAP_OID = ".1.3.6.1.6.3.1.1.4.1.0";

    /** 
	OID For snort, to trick the interface settings, varbind 13 will be 
	the address for the event
    */

    private static final String SNORT_OID = ".1.3.6.1.4.1.10234.2.1.3.3";
    private static final String SNORT_SENSOR = ".1.3.6.1.4.1.10234.2.1.1.1.6";
    private static final String SNORT_SCAN_TARGET = ".1.3.6.1.4.1.10234.2.1.2.1.9";
    private static final String SNORT_ATTACK_TARGET = ".1.3.6.1.4.1.10234.2.1.2.1.7";
    private static final String SNORT_PROTO = ".1.3.6.1.4.1.10234.2.1.2.1.28";
  

    /**
     * The snmp trap enterprise OID, which if present in a V2 trap is the last
     * varbind.
     * 
     * ref - book 'SNMP, SNMPv2, SNMPv3..' by William Stallings, third edition,
     * section 13.1.3
     */
    private static final String SNMP_TRAP_ENTERPRISE_ID = ".1.3.6.1.6.3.1.1.4.3.0";

    /**
     * The snmpTraps value to be used in case a standard trap comes in without
     * the SNMP_TRAP_ENTERPRISE_ID as the last varbind.
     */
    private static final String SNMP_TRAPS = ".1.3.6.1.6.3.1.1.5";

    /**
     * The standard traps list
     */
    private static final ArrayList GENERIC_TRAPS;

    /**
     * The snmp sysUpTime OID is the first varbind
     */
    private static final int SNMP_SYSUPTIME_OID_INDEX = 0;

    /**
     * The snmp trap OID is the second varbind
     */
    private static final int SNMP_TRAP_OID_INDEX = 1;

    /**
     * The dot separator in an OID
     */
    private static final char DOT_CHAR = '.';

    /**
     * The input queue
     */
    private FifoQueue m_backlogQ;

    /**
     * The name of the local host.
     */
    private String m_localAddr;

    /**
     * Current status of the fiber
     */
    private int m_status;

    /**
     * The thread that is executing the <code>run</code> method on behalf of
     * the fiber.
     */
    private Thread m_worker;

    /**
     * Whether or not a newSuspect event should be generated with a trap from an
     * unknown IP address
     */
    private boolean m_newSuspect;

    /**
     * Create the standard traps list - used in v2 processing
     */
    static {
        GENERIC_TRAPS = new ArrayList();
        GENERIC_TRAPS.add(new SnmpObjectId("1.3.6.1.6.3.1.1.5.1")); // coldStart
        GENERIC_TRAPS.add(new SnmpObjectId("1.3.6.1.6.3.1.1.5.2")); // warmStart
        GENERIC_TRAPS.add(new SnmpObjectId("1.3.6.1.6.3.1.1.5.3")); // linkDown
        GENERIC_TRAPS.add(new SnmpObjectId("1.3.6.1.6.3.1.1.5.4")); // linkUp
        GENERIC_TRAPS.add(new SnmpObjectId("1.3.6.1.6.3.1.1.5.5")); // authenticationFailure
        GENERIC_TRAPS.add(new SnmpObjectId("1.3.6.1.6.3.1.1.5.6")); // egpNeighborLoss
    }

    /**
     * Process a V2 trap and convert it to an event for transmission.
     * 
     * <p>
     * From RFC2089 ('Mapping SNMPv2 onto SNMPv1'), section 3.3 ('Processing an
     * outgoing SNMPv2 TRAP')
     * </p>
     * 
     * <p>
     * <strong>2b </strong>
     * <p>
     * If the snmpTrapOID.0 value is one of the standard traps the specific-trap
     * field is set to zero and the generic trap field is set according to this
     * mapping:
     * <p>
     * 
     * <pre>
     * 
     *       value of snmpTrapOID.0                generic-trap
     *       ===============================       ============
     *       1.3.6.1.6.3.1.1.5.1 (coldStart)                  0
     *       1.3.6.1.6.3.1.1.5.2 (warmStart)                  1
     *       1.3.6.1.6.3.1.1.5.3 (linkDown)                   2
     *       1.3.6.1.6.3.1.1.5.4 (linkUp)                     3
     *       1.3.6.1.6.3.1.1.5.5 (authenticationFailure)      4
     *       1.3.6.1.6.3.1.1.5.6 (egpNeighborLoss)            5
     *  
     * </pre>
     * 
     * <p>
     * The enterprise field is set to the value of snmpTrapEnterprise.0 if this
     * varBind is present, otherwise it is set to the value snmpTraps as defined
     * in RFC1907 [4].
     * </p>
     * 
     * <p>
     * <strong>2c. </strong>
     * </p>
     * <p>
     * If the snmpTrapOID.0 value is not one of the standard traps, then the
     * generic-trap field is set to 6 and the specific-trap field is set to the
     * last subid of the snmpTrapOID.0 value.
     * </p>
     * 
     * <p>
     * If the next to last subid of snmpTrapOID.0 is zero, then the enterprise
     * field is set to snmpTrapOID.0 value and the last 2 subids are truncated
     * from that value. If the next to last subid of snmpTrapOID.0 is not zero,
     * then the enterprise field is set to snmpTrapOID.0 value and the last 1
     * subid is truncated from that value.
     * </p>
     * 
     * <p>
     * In any event, the snmpTrapEnterprise.0 varBind (if present) is ignored in
     * this case.
     * </p>
     * 
     * @param info
     *            V2 trap
     */
    private void process(Trapd.V2TrapInformation info) {
        Category log = ThreadCategory.getInstance(getClass());

        SnmpPduPacket pdu = info.getPdu();
        InetAddress agent = info.getAgent();

        //
        // verify the type
        //
        if (pdu.typeId() != (byte) (SnmpPduPacket.V2TRAP)) {
            // if not V2 trap, do nothing
            log.warn("Recieved not SNMPv2 Trap from host " + agent.getHostAddress());
            log.warn("PDU Type = " + pdu.getCommand());
            return;
        }

        //
        // get the address converted
        //
        IPv4Address addr = new IPv4Address(agent);
        String trapInterface = addr.toString();

        Event event = new Event();
        event.setSource("trapd");
        event.setHost(trapInterface);
        event.setSnmphost(trapInterface);
        event.setInterface(trapInterface);
        event.setTime(org.opennms.netmgt.EventConstants.formatToString(new java.util.Date()));

        String ipNodeId = TrapdIPMgr.getNodeId(trapInterface);

        if (ipNodeId != null) {
            int intNodeId = Integer.parseInt(ipNodeId);
            event.setNodeid((long) intNodeId);
        }

        if (log.isDebugEnabled())
            log.debug("V2 trap - trapInterface: " + trapInterface);

        //
        // set the information
        //
        int numVars = pdu.getLength();
        if (log.isDebugEnabled())
            log.debug("V2 trap numVars or pdu length: " + numVars);
        if (numVars >= 2) // check number of varbinds
        {
            //
            // The first varbind has the sysUpTime
            // Modify the sysUpTime varbind to add the trailing 0 if it is
            // missing
            // The second varbind has the snmpTrapOID
            // Confirm that these two are present
            //
            String varBindName0 = pdu.getVarBindAt(0).getName().toString();
            String varBindName1 = pdu.getVarBindAt(1).getName().toString();
            if (varBindName0.equals(EXTREME_SNMP_SYSUPTIME_OID)) {
                log.info("V2 trap from " + trapInterface + " has been corrected due to the sysUptime.0 varbind not having been sent with a trailing 0.\n\tVarbinds received are : " + varBindName0 + " and " + varBindName1);
                varBindName0 = SNMP_SYSUPTIME_OID;
            }

            if ((!(varBindName0.equals(SNMP_SYSUPTIME_OID))) || (!(varBindName1.equals(SNMP_TRAP_OID)))) {
                log.info("V2 trap from " + trapInterface + " IGNORED due to not having the required varbinds.\n\tThe first varbind must be sysUpTime.0 and the second snmpTrapOID.0\n\tVarbinds received are : " + varBindName0 + " and " + varBindName1);
                return;
            }