Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#1828 Multiple OIDs in GetReqeust-PDU in proxy mode

proxy-override-etc
open
nobody
agent (1103)
5
2013-01-25
2007-05-21
Code Styler
No

When using snmpd in proxy mode, there seem to be problems when more than one OID is requested in a single PDU and (at least) one of them does not exist in the agent to which the request is forwarded.

Consider this scenario:

snmpd is running on localhost:1611, the line relevant for proxying in snmpd.conf is:

proxy -v 1 -c private localhost:1161 .1.3.6.1.4.1.7146

The agent has been started like this:
$ ./snmpd -Dproxy -f -r -V -c /etc/snmp/snmpd.conf 1611

Now consider the following request (the last OID does not exist):

$ snmpget -r 0 -t 10000 -v 1 -c public localhost:1611 \ .1.3.6.1.4.1.7146.1.2.2.2.1.1.17.115.110.109.112.45.116.101.115.116.45.114.117.110.110.105.110.97 \ .1.3.6.1.4.1.7146.1.2.2.2.1.1.17.115.110.109.112.45.116.101.115.116.45.114.117.110.110.105.110.103 \ .1.3.6.1.4.1.7146.1.2.2.2.1.1.17.115.110.109.112.45.116.101.115.116.45.115.116.111.112.112.101.100 \

snmpd forwards this request to the agent listening at port 1161 of the same host, which duly returns an error PDU. However, it seems that snmpd is then not handling this scenario correctly, as I've observed the following results:

* In version 5.2.2, no answer is ever sent back to the client, the request times out. The reason was that snmpd did not clear the "delegated" flag for all parts of the request. This has been fixed in the latest release.

* Even in the latest svn snapshot, however, handling is not as expected. The standard demands the pdu be returned unaltered except for the error-status and the error-index fields. snmpd, however, does not send back the OIDs that have been requested. Therefore, snmpget assumes that all three OIDs are erroneous. Usually, however, when answering a request that is not proxied, snmpd returns a PDU with the correct information. snmpget then resends the request without the offending
OID, receives a valid response and displays the result.

The following patch seems to fix this issue as far as SNMP v1 is concerned, but might have to be improved for SNMP v2:

Index: agent/mibgroup/ucd-snmp/proxy.c

--- agent/mibgroup/ucd-snmp/proxy.c (revision 16401)
+++ agent/mibgroup/ucd-snmp/proxy.c (working copy)
@@ -551,7 +551,9 @@
/*
* update the original request varbinds with the results
*/
- } else for (var = vars, request = requests;
+ }
+
+ for (var = vars, request = requests;
request && var;
request = request->next, var = var->next_variable) {
/*

Discussion