SNMP library for Python / Bugs / #72 securityLevel v3 traceback

#72 securityLevel v3 traceback

Status: open

Owner: Ilya Etingof

Labels: None

Priority: 5

Updated: 2012-08-27

Created: 2012-08-24

Creator: Michael Zalokar

Private: No

I've provided a sample program that causes pysnmp to throw a traceback.

Here is the output I get when I run it. Note: various parts of the output have been redacted.

-bash-4.1$ python twisted_test2.py
The pysnmp version is: (4, 2, 3)

TEST 1: Try both devices without a priv key.

UsmUserData("***************", <AUTHKEY>, <PRIVKEY>, (1, 3, 6, 1, 6, 3, 10, 1, 1, 2), (1, 3, 6, 1, 6, 3, 10, 1, 2, 1), None, '') via UdpTransportTarget(('0.0.0.0', 161), 1, 5, '')
SNMP engine error wrongDigest
UsmUserData("****************", <AUTHKEY>, <PRIVKEY>, (1, 3, 6, 1, 6, 3, 10, 1, 1, 2), (1, 3, 6, 1, 6, 3, 10, 1, 2, 1), None, '') via UdpTransportTarget(('0.0.0.1', 161), 1, 5, '')
SNMP engine error wrongDigest

TEST 2: Try both devices. One with and one without the privkey.

Traceback (most recent call last):
File "twisted_test2.py", line 116, in <module>
(cbFun, (varNames, authData, transportTarget))
File "/usr/lib/python2.6/site-packages/pysnmp-4.2.3rc8-py2.6.egg/pysnmp/entity/rfc3413/oneliner/cmdgen.py", line 390, in nextCmd
authData.contextEngineId, authData.contextName
File "/usr/lib/python2.6/site-packages/pysnmp-4.2.3rc8-py2.6.egg/pysnmp/entity/rfc3413/cmdgen.py", line 426, in sendReq
(self.processResponsePdu, (cbFun, cbCtx))
File "/usr/lib/python2.6/site-packages/pysnmp-4.2.3rc8-py2.6.egg/pysnmp/entity/rfc3413/cmdgen.py", line 224, in _sendPdu
cbCtx
File "/usr/lib/python2.6/site-packages/pysnmp-4.2.3rc8-py2.6.egg/pysnmp/proto/rfc3412.py", line 155, in sendPdu
sendPduHandle
File "/usr/lib/python2.6/site-packages/pysnmp-4.2.3rc8-py2.6.egg/pysnmp/proto/mpmod/rfc3412.py", line 230, in prepareOutgoingMessage
scopedPDU
File "/usr/lib/python2.6/site-packages/pysnmp-4.2.3rc8-py2.6.egg/pysnmp/proto/secmod/rfc3414/service.py", line 446, in generateRequestMsg
None
File "/usr/lib/python2.6/site-packages/pysnmp-4.2.3rc8-py2.6.egg/pysnmp/proto/secmod/rfc3414/service.py", line 272, in __generateRequestOrResponseMsg
errorIndication = errind.unsupportedSecurityLevel
pysnmp.proto.error.StatusInformation: {'errorIndication': <pysnmp.proto.errind.UnsupportedSecurityLevel instance at 0x186f560>}

Discussion

Michael Zalokar - 2012-08-24

Sample code.

twisted_test2.py

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ilya Etingof - 2012-08-27

assigned_to: nobody --> elie
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ilya Etingof - 2012-08-27

You seem to use the same SNMPv3 username with different security levels. I have an impression that this is not a valid USM configuration (unless you bind conflicting usernames to distinct SNMP engine IDs -- see SNMP-USER-BASED-SM-MIB::usmUserTable). If I'm correct, that is not an error in pysnmp.

Is it your requirement to have the same username with different security levels? Could you use different usernames?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Michael Zalokar - 2012-08-29

The networking group is in the process of changing them. This could take a while, so it needs to work in a mixed mode durring that time.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ilya Etingof - 2012-08-29

I wonder if you could refer me to a relevant discussion\proposal?

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Michael Zalokar - 2012-08-29

Taking a step back....

My issue isn't with using the same SNMP username with two different security levels in one device and expect everything to work.

My issue is that if I want to asyncrounsly retrieve information from multiple devices with the same username and those multiple devices don't have the same security level for the same username then the code tracebacks. At least it does for me.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Ilya Etingof - 2012-08-29

If I understood you correctly, you are saying that the USM standard is going to change to support multiple security-levels per username. I'm asking you to provide more details on this change (new MIBs?) to let me consider adding that feature to pysnmp. Thanks!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Michael Zalokar - 2012-08-29

I'm not saying that the USM standard is changing. Perhaps I'm just missing something.

What I see is that If a ask one network device for information with a priv key (per the device configuration) I am getting an snmp resonpse. If I request snmp information from multiple devices using a priv key (per device configurations) I get multiple snmp responses.

If I ask a second network device all by itself, without a priv key per device configuration, I get an snmp response.
If I requst snmp information from multiple devices not using priv keys (per device configurations) I get multiple snmp responses.

What I believe is a bug is that If I try and asyncronously ask devices with and without priv keys together (per device configuration), pysnmp gives a traceback. I would expect snmp responses.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Nobody/Anonymous - 2012-11-29

Your use of such emphatic words in your article shows an intense excitement in what you are trying to convey. Keep up the good work!
<a href="http://en.netlog.com/camelswamp26/blog/blogid=14573150" title="Wedding party">Wedding party</a>

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.