Search code examples
snmpnet-snmpasn.1

Confused about RFC 1155, RFC 1157 and ASN.1

  • RFC 1155 - Section 3.2.1, p. 7: Four ASN.1 primitive types INTEGER, OCTET STRING, OBJECT IDENTIFIER, and NULL.
  • RFC 1155 - Section 6, p. 18: IpAdrress is an IMPLICIT OCTET STRING (SIZE (4)).
  • RFC 1155 - Section 6, p. 18: NetworkAddress is an IpAddress.
  • RFC 1157 - Section 4.1.6, p. 26: An agent-addr is a NetworkAddress which is an IpAddress

ASN.1 BER represent an OCTET STRING as 0x04. The data type of the TRAP-PDU value agent-addr is 0x40 (seen in Wireshark).

Why is the data type of agent-addr not IMPLICIT OCTET STRING (SIZE (4))?

Solution

  • Four ASN.1 primitive types INTEGER, OCTET STRING, OBJECT IDENTIFIER, and NULL

    They say that they picked just these types from the ASN.1 type system. These are are built-in, scalar ASN.1 data types. When it comes to BER serialization, these types have distinct IDs on the wire (AKA tags).

    IpAdrress is an IMPLICIT OCTET STRING (SIZE (4))

    ASN.1 lets you create new type from any other type by changing the tag and (optionally) imposing additional constraints on the value range. There are two ways to change the tag:

    • by overriding the tag of the base type (AKA IMPLICIT tagging)
    • by appending the new tag to the existing tag(s) of the base type (AKA EXPLICIT tagging)

    So here they subtype the OCTET STRING type by replacing its tag by tag #0 in the APPLICATION name space. Arithmetically, this new tag would become 0 | 0x40.

    Additionally, they enforce size constraint on the value range -- SIZE (4) e.g. values must have four octets.

    NetworkAddress is an IpAddress. An agent-addr is a NetworkAddress which is an IpAddress

    Well, yes and no. ;-)

    ASN.1 has a CHOICE pseudo type which is invisible on the wire (does not have its own tag by default) but on the wire it can turn into one of the types it "embeds". The designers were probably planning to support more different network addresses in the future so they wrapped IpAddress by the NetworkAddress container.

    ASN.1 BER represent an OCTET STRING as 0x04. The data type of the TRAP-PDU value agent-addr is 0x40 (seen in Wireshark).

    That's correct: you see a subtype of OCTET STRING having IMPLICIT APPLICATION 0 tag which is 0x40 | 0.

    BTW, with the IMPLICIT tagging, the original tag of the type is lost so do not see any remnants of the base OCTET STRING type on the wire.

    Why is the data type of agent-addr not IMPLICIT OCTET STRING (SIZE (4))?

    It actually is! Hope the above explanation makes it a little less obscure. ;-)