#2611 cannot override defVersion in host-specific snmp.conf files

64-bit
open
None
5
2021-12-14
2015-03-31
Jason
No

Issue observed on version 5.7.3. Issue reproducible on both Linux (Gentoo 32-bit) and FreeBSD (10.1 64-bit).

As described in the man documentation for snmp.conf(5) under 'HOST-SPECIFIC FILES', you should be able to override the defVersion value in host-specific files. However, this does not work.

Example:

~/.snmp/snmp.conf:
defVersion 3
defSecurityName mysecname
defSecurityLevel authPriv
defAuthPassphrase myauthpass
defPrivPassphrase myprivpass
defAuthType SHA
defPrivType AES

~/.snmp/hosts/192.168.1.1.conf:
defVersion 2c
defCommunity public

The SNMP request to the host-specific entry tries the wrong version (should use v2c, but instead generates an SNMPv3 message):

$ snmpget -D snmp_build,read_config:line 192.168.1.1 sysName.0
registered debug token snmp_build, 1
registered debug token read_config:line, 1
read_config:line: /home/user/.snmp/snmp.conf:1 examining: defVersion 3
read_config:line: /home/user/.snmp/snmp.conf:2 examining: defSecurityName mysecname
read_config:line: /home/user/.snmp/snmp.conf:3 examining: defSecurityLevel authPriv
read_config:line: /home/user/.snmp/snmp.conf:4 examining: defAuthPassphrase myauthpass
read_config:line: /home/user/.snmp/snmp.conf:5 examining: defPrivPassphrase myprivpass
read_config:line: /home/user/.snmp/snmp.conf:6 examining: defAuthType SHA
read_config:line: /home/user/.snmp/snmp.conf:7 examining: defPrivType AES
read_config:line: /home/user/.snmp/snmp.conf:1 examining: defVersion 3
read_config:line: /home/user/.snmp/snmp.conf:2 examining: defSecurityName mysecname
read_config:line: /home/user/.snmp/snmp.conf:3 examining: defSecurityLevel authPriv
read_config:line: /home/user/.snmp/snmp.conf:4 examining: defAuthPassphrase myauthpass
read_config:line: /home/user/.snmp/snmp.conf:5 examining: defPrivPassphrase myprivpass
read_config:line: /home/user/.snmp/snmp.conf:6 examining: defAuthType SHA
read_config:line: /home/user/.snmp/snmp.conf:7 examining: defPrivType AES
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:1 examining: defVersion 2c
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:2 examining: defCommunity public
snmp_build: Building SNMPv3 message (secName:"mysecname", secLevel:noAuthNoPriv)...
snmp_build: Building SNMPv3 message (secName:"mysecname", secLevel:noAuthNoPriv)...
snmp_build: Building SNMPv3 message (secName:"mysecname", secLevel:noAuthNoPriv)...
snmp_build: Building SNMPv3 message (secName:"mysecname", secLevel:noAuthNoPriv)...
snmp_build: Building SNMPv3 message (secName:"mysecname", secLevel:noAuthNoPriv)...
snmp_build: Building SNMPv3 message (secName:"mysecname", secLevel:noAuthNoPriv)...
snmpget: Timeout (Sub-id not found: (top) -> sysName)

Same thing happens when the host-specific entry is v3 and the generic entry is v2c:

$ snmpget -D snmp_build,snmp_send,read_config:line 192.168.1.1 sysName.0
registered debug token snmp_build, 1
registered debug token snmp_send, 1
registered debug token read_config:line, 1
read_config:line: /home/user/.snmp/snmp.conf:1 examining: defVersion 2c
read_config:line: /home/user/.snmp/snmp.conf:2 examining: defCommunity public
read_config:line: /home/user/.snmp/snmp.conf:1 examining: defVersion 2c
read_config:line: /home/user/.snmp/snmp.conf:2 examining: defCommunity public
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:1 examining: defVersion 3
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:2 examining: defSecurityName mysecname
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:3 examining: defSecurityLevel authPriv
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:4 examining: defAuthPassphrase myauthpass
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:5 examining: defPrivPassphrase myprivpass
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:6 examining: defAuthType SHA
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:7 examining: defPrivType AES
snmp_send: Building SNMPv2 message...
snmp_send: Building SNMPv2 message...
snmp_send: Building SNMPv2 message...
snmp_send: Building SNMPv2 message...
snmp_send: Building SNMPv2 message...
snmp_send: Building SNMPv2 message...
Timeout: No Response from 192.168.1.1.

Please fix or update documentation to indicate this is not supported.
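
Added example, not part of the original report and not net-snmp code: a small check that reads the `-D snmp_build,snmp_send,read_config:line` debug output shown above and reports when the defVersion from a hosts/*.conf file is not the version actually built. The function names and the 'ok' / 'ignored' / 'downgraded' labels are assumptions of this example; it recognizes only the two "Building SNMPv..." line forms that appear in the report.

```python
import re

# The two debug line forms shown in the report; other forms are not parsed.
CONF_RE = re.compile(r"read_config:line: (\S+):\d+ examining: defVersion (\S+)")
BUILD_RE = re.compile(r"snmp_(?:build|send): Building SNMPv(\d)\w* message")

def configured_and_built(debug_output):
    """Return (defVersion set in a hosts/*.conf file or None, versions built)."""
    host_version, built = None, set()
    for line in debug_output.splitlines():
        conf = CONF_RE.match(line.strip())
        if conf and "/hosts/" in conf.group(1):
            host_version = conf.group(2)      # last host-specific value wins
        build = BUILD_RE.match(line.strip())
        if build:
            built.add(build.group(1))
    return host_version, built

def classify(debug_output):
    """'ok', 'ignored' (override not applied) or 'downgraded' (v3 asked, lower sent)."""
    host_version, built = configured_and_built(debug_output)
    if host_version is None or not built or built == {host_version[0]}:
        return "ok"
    return "downgraded" if host_version == "3" else "ignored"

# Abridged from the two transcripts in the report above.
GENERIC_V3_HOST_V2C = """\
read_config:line: /home/user/.snmp/snmp.conf:1 examining: defVersion 3
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:1 examining: defVersion 2c
snmp_build: Building SNMPv3 message (secName:"mysecname", secLevel:noAuthNoPriv)...
"""
GENERIC_V2C_HOST_V3 = """\
read_config:line: /home/user/.snmp/snmp.conf:1 examining: defVersion 2c
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:1 examining: defVersion 3
snmp_send: Building SNMPv2 message...
"""
# Constructed: what the output would look like if the override were honoured.
CONSTRUCTED_HONOURED = """\
read_config:line: /home/user/.snmp/snmp.conf:1 examining: defVersion 3
read_config:line: /home/user/.snmp/hosts/192.168.1.1.conf:1 examining: defVersion 2c
snmp_send: Building SNMPv2 message...
"""

if __name__ == "__main__":
    for name in ("GENERIC_V3_HOST_V2C", "GENERIC_V2C_HOST_V3", "CONSTRUCTED_HONOURED"):
        print(name, classify(globals()[name]))
```

The 'downgraded' result is the case worth alerting on: the host file asked for v3 with authPriv, yet a community-based SNMPv2 request was built instead.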

Discussion

  • Bill Fenner

    Bill Fenner - 2015-03-31

    This is an interesting bug. The host-specific config file is read properly, and it properly sets the appropriate variables in the data store. However, for most of the variables that it seems would be useful to set per-host, they've already been looked up in the data store! E.g., for defVersion, the control flow is:

    snmp_parse_args( ..., session, ... )
    
       if ( version == default )
          session->version = defversion
    
    snmp_open( ... )
    
       read host-specific config file
    

    The host-specific config file code would have to be moved way earlier (really inside snmp_parse_args) for it to be able to affect defversion, community, etc.

     
  • Jason

    Jason - 2015-03-31

    Actually in my testing it works properly if both files have the same defVersion. Also it works properly if you specify the version on the command line (-v). The issue only seems to occur when the defVersion is different. I only tested between v2c and v3, so I don't know the behavior with v1.

     
  • Robert Story

    Robert Story - 2015-07-08
    • assigned_to: Robert Story
     
  • Arnaud Convers

    Arnaud Convers - 2021-12-14

    Hello all,

    This issue is tagged as OPEN. Is a fix scheduled in any future release?

    Thanks,

     
