Menu
▾
▴
notifications over non UDP/IPv4 transports
|
From: Juergen S. <j.s...@iu...> - 2006-09-28 12:46:13
|
Hi,
we did run into a problem with net-snmp-5.4.pre1 when we use the TCP
transport for notifications. The snmptrapd performs this I believe new
access control check on incoming notifications. The access control
check at some point in time calls netsnmp_udp_getSecName() and this
fails because the format of the content of the parameter opaque has
changed.
The TCP transport stores the old format while the UDP transport now
uses a netsnmp_udp_addr_pair, which however is local to the UDP
transport. So it seems unclear what the proper fix for this is and we
need guidance (or even a patch) to solve this issue.
One option could be that every transport provides its own
netsnmp_xxx_getSecName() function and this would then localize the
format of the opaque data passed around. Another option could be to
share netsnmp_xxx_getSecName() functions between similar transport,
e.g. have a netsnmp_ipv4_getSecName() function and a
netsnmp_ipv6_getSecName() function. But in this case, the format of
the opaque data must be exported and agreed upon. There might be other
options - but since you know this code much better than we do, I
thought I first ask who you think is the right way to handle this.
/js
PS: I had problems to send this email so I meanwhile learned that
net-snmp-5.4.pre3 is out but from a quick look at the diff, it
seems nothing related to the problem described here has changed.
PS: It seems that the netsnmp_udp_addr_pair has been introduced in an
attempt to make sure that UDP/IPv4 response packets somehow use
the "correct" IP address. It seems that this patch ignores also
IPv6 and obviously kind of breaks the TCP-IPv4 transport since
the TCP/IPv4 transport uses the netsnmp_udp_getSecName() function
(which either is a conceptual bug by itself or at least a misnomer
of the function). See the thread "Make snmpd answer from the
correct IP address".
--
Juergen Schoenwaelder International University Bremen
<http://www.eecs.iu-bremen.de/> P.O. Box 750 561, 28725 Bremen, Germany
|