
#2899 snmptrap always sends v3 traps with msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime set to zero

traps
closed
None
5
2024-06-17
2018-11-10
No

By default, snmptrap is supposed to use the following code to set session.engineBoots and session.engineTime for v3 traps (not inform):

         session.engineBoots = 1;
     if (session.engineTime == 0)    /* not really correct, */
         session.engineTime = get_uptime();  /* but it'll work. Sort of. */

In turn, this should set the msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime values in the resulting SNMP v3 PDU.

Additionally, you are supposed to be able to set these values from the command line with -Z.

Debugging the code, I can see that session.engineBoots and session.engineTime are being properly set, but the resulting packet as seen by Wireshark always has msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime set to zero. This will result in an error of "Not in time window" from any RFC-compliant SNMP v3 receiver. Of note, recent releases of snmptrapd have their own bug (to be opened shortly) where it is ignoring msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime, so it is not a good test receiver to test this bug.

I confirmed that both snmptrap and snmptrapd work as expected in version 5.1.4.2 but have the bug in version 5.7.3. I did not dig into at what version it broke.
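Added example (not part of the ticket and not net-snmp code): a C model of the RFC 3414 timeliness check that a trap receiver applies to msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime. It shows when traps carrying 0/0 are rejected as "Not in time window" and, going one step beyond the report, what happens when boots stays at 1 while the time restarts from uptime after a sender reboot. The struct, the function name and the clock values are constructed for illustration.

```c
/* Added example: RFC 3414 timeliness check as a trap receiver applies it.
 * Names are hypothetical; this is not net-snmp code. */
#include <stdint.h>
#include <stdio.h>

#define USM_TIME_WINDOW 150u         /* seconds */
#define USM_MAX_BOOTS   2147483647u

/* Receiver's cached view of one remote authoritative engine (the trap sender). */
struct engine_lcd {
    uint32_t boots;          /* local notion of snmpEngineBoots */
    uint32_t time_at_sync;   /* engine time stored at the last update */
    uint32_t latest_rx_time; /* latestReceivedEngineTime */
    uint32_t synced_at;      /* receiver clock (s) at the last update */
};

/* Returns 1 if the message is timely, 0 for notInTimeWindow. */
int usm_check_timeliness(struct engine_lcd *e, uint32_t msg_boots,
                         uint32_t msg_time, uint32_t now)
{
    /* Newer boots/time from the sender refresh the cached values. */
    if (msg_boots > e->boots ||
        (msg_boots == e->boots && msg_time > e->latest_rx_time)) {
        e->boots = msg_boots;
        e->time_at_sync = e->latest_rx_time = msg_time;
        e->synced_at = now;
    }
    /* Cached engine time keeps advancing with the receiver's clock. */
    uint64_t local_time = (uint64_t)e->time_at_sync + (now - e->synced_at);

    if (e->boots == USM_MAX_BOOTS) return 0;
    if (msg_boots < e->boots) return 0;           /* sender looks older */
    if ((uint64_t)msg_time + USM_TIME_WINDOW < local_time) return 0;
    return 1;
}

int main(void)
{
    struct engine_lcd rx = {0, 0, 0, 1000};  /* constructed: entry created at t=1000 */
    printf("0/0 at t=1000: %d\n", usm_check_timeliness(&rx, 0, 0, 1000));
    printf("0/0 at t=1200: %d\n", usm_check_timeliness(&rx, 0, 0, 1200));
    printf("1/5000 at t=1300: %d\n", usm_check_timeliness(&rx, 1, 5000, 1300));
    printf("reboot, 1/30 at t=2000: %d\n", usm_check_timeliness(&rx, 1, 30, 2000));
    printf("reboot, 2/30 at t=2000: %d\n", usm_check_timeliness(&rx, 2, 30, 2000));
    return 0;
}
```

In this model a 0/0 trap passes only until the receiver's cached engine time has advanced more than 150 seconds, and it fails immediately once the receiver has learned a higher boots value for that engine.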

Discussion

  • Drew Roedersheimer

    I have attached a patch against the v5.8 source to fix this bug. I asked for developer feedback on the net-snmp-coders mailing list for this fix, but did not hear anything back.

    The bug creator, Denis Hainsworth, and I have validated the fix against the v5.8 source code. With the fix, the default msgAuthoritativeEngineBoots and msgAuthoritativeEngineTime values are set to non-zero, and the -Z option to snmptrap can also be used to set these fields explicitly.

    -Drew

     
  • Wes Hardaker

    Wes Hardaker - 2019-01-08

    Thanks for both the analysis and the patch. I've applied it as it does look like the right thing to do.

     
  • Wes Hardaker

    Wes Hardaker - 2019-01-08
    • status: open --> closed
    • assigned_to: Wes Hardaker
     
  • karthik

    karthik - 2021-08-31
     

    Last edit: karthik 2021-09-01
  • harshitha

    harshitha - 2021-12-10

    Hi,

    We are facing a similar issue but the persistent file is missing with EngineBoots line after the upgrade from 5.2.1 to 5.7.3. Kindly help.

    Thank you,
    Harshitha H

     
  • Iyyappa Erasa

    Iyyappa Erasa - 2024-06-17

    We have hardcoded the msgAuthoritativeEngineBoots value as 1 and it should always be 1 across the reboots.

            if (session->engineBoots == 0)
                session->engineBoots = 1;
            if (session->engineTime == 0)    /* not really correct, */
                session->engineTime = get_uptime();  /* but it'll work. Sort of. */

            set_enginetime(session->securityEngineID, session->securityEngineIDLen,
                           session->engineBoots, session->engineTime, TRUE);
        }
        return 0;

    Do we need to modify the code in the above?

     
