Added SNMP error code check

src/lib/ndpi_main.c

@@ -7572,6 +7572,7 @@ u_int8_t ndpi_extra_dissection_possible(struct ndpi_detection_module_struct *ndp
     break;
 
   case NDPI_PROTOCOL_KERBEROS:
+  case NDPI_PROTOCOL_SNMP:
     if(flow->extra_packets_func)
       return(1);
     break;

src/lib/protocols/snmp_proto.c

@@ -24,22 +24,44 @@
 
 #include "ndpi_api.h"
 
+static void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
+			     struct ndpi_flow_struct *flow);
+
+/* *************************************************************** */
+
 static void ndpi_int_snmp_add_connection(struct ndpi_detection_module_struct
-					 *ndpi_struct, struct ndpi_flow_struct *flow)
-{
-  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP, NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
+					 *ndpi_struct, struct ndpi_flow_struct *flow) {
+  ndpi_set_detected_protocol(ndpi_struct, flow, NDPI_PROTOCOL_SNMP,
+			     NDPI_PROTOCOL_UNKNOWN, NDPI_CONFIDENCE_DPI);
 }
 
+/* *************************************************************** */
+
+static int ndpi_search_snmp_again(struct ndpi_detection_module_struct *ndpi_struct,
+				      struct ndpi_flow_struct *flow) {
+
+  ndpi_search_snmp(ndpi_struct, flow);
+
+#ifdef SNMP_DEBUG
+  printf("=> %s()\n", __FUNCTION__);
+#endif
+
+  return((flow->extra_packets_func == NULL) /* We're good now */ ? 0 : 1);
+}
+
+/* *************************************************************** */
+
 void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
 		      struct ndpi_flow_struct *flow) {
   struct ndpi_packet_struct *packet = &ndpi_struct->packet;
   u_int16_t snmp_port = htons(161), trap_port = htons(162);
+  u_int8_t version;
   
   if((packet->payload_packet_len <= 32)
      ||(packet->payload[0] != 0x30)
-     || ((packet->payload[4] != 0 /* SNMPv1 */)
-	 && (packet->payload[4] != 1 /* SNMPv2c */)
-	 && (packet->payload[4] != 3 /* SNMPv3 */))
+     || (((version = packet->payload[4]) != 0 /* SNMPv1 */)
+	 && ((version = packet->payload[4]) != 1 /* SNMPv2c */)
+	 && ((version = packet->payload[4]) != 3 /* SNMPv3 */))
      || ((packet->udp->source != snmp_port)
 	 && (packet->udp->dest != snmp_port)
 	 && (packet->udp->dest != trap_port))
@@ -47,11 +69,47 @@ void ndpi_search_snmp(struct ndpi_detection_module_struct *ndpi_struct,
      || ((packet->payload[1] + 2) != packet->payload_packet_len)) {
     NDPI_EXCLUDE_PROTO(ndpi_struct, flow);
   } else {
+    if((version == 0) || (version == 1)) {
+      u_int8_t community_len = packet->payload[6];
+      u_int8_t snmp_primitive_offset = 7 + community_len;
+
+      if(snmp_primitive_offset < packet->payload_packet_len) {
+	u_int8_t snmp_primitive = packet->payload[snmp_primitive_offset] & 0xF;
+
+	if(snmp_primitive == 2 /* Get Response */) {
+	  u_int8_t error_status_offset = 17 + community_len;
+	  
+	  if(error_status_offset < packet->payload_packet_len) {
+	    u_int8_t error_status = packet->payload[error_status_offset];
+
+#ifdef SNMP_DEBUG
+	    printf("-> %u [offset: %u][primitive: %u]\n",
+		   error_status, error_status_offset, snmp_primitive);
+#endif
+	    
+	    flow->extra_packets_func = NULL; /* We're good now */
+
+	    if(error_status != 0)
+	      ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);
+	  }
+	}
+      }
+    }
+
     ndpi_int_snmp_add_connection(ndpi_struct, flow);
+
+    if(flow->extra_packets_func == NULL) {
+      /* This is necessary to inform the core to call this dissector again */
+      flow->check_extra_packets = 1;
+      flow->max_extra_packets_to_check = 8;
+      flow->extra_packets_func = ndpi_search_snmp_again;
+    }
+    
     return;    
   }
 }
 
+/* *************************************************************** */
 
 void init_snmp_dissector(struct ndpi_detection_module_struct *ndpi_struct,
 			 u_int32_t *id, NDPI_PROTOCOL_BITMASK *detection_bitmask) {